
CVSS: 5.1 | EPSS: 3% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.

• http://kapda.ir/advisory-305.html
• http://myimei.com/security/2006-03-12/mybb-110functions_postphpxss-attack.html
• http://secunia.com/advisories/19516
• http://www.osvdb.org/24375
• http://www.securityfocus.com/archive/1/430344/100/0/threaded
• http://www.securityfocus.com/bid/17413
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25615

CVSS: 6.8 | EPSS: 3% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.

• http://secunia.com/advisories/19516
• http://www.osvdb.org/24375
• http://www.securityfocus.com/archive/1/429748/100/0/threaded
• http://www.securityfocus.com/bid/17368
• http://www.vupen.com/english/advisories/2006/1216
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25615

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.

• http://www.securityfocus.com/archive/1/428056/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25337

CVSS: 4.3 | EPSS: 0% | CPEs: 10 | EXPL: 3

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.

• http://community.mybboard.net/showthread.php?tid=7368
• http://kapda.ir/advisory-295.html
• http://myimei.com/security/2006-03-10/mybb104redirectfunctionheaderinjection.html
• http://www.securityfocus.com/archive/1/427747/100/0/threaded
• http://www.securityfocus.com/bid/17097
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25267

CVSS: 3.5 | EPSS: 0% | CPEs: 11 | EXPL: 5

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

• http://community.mybboard.net/showthread.php?tid=7368
• http://kapda.ir/advisory-296.html
• http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html
• http://secunia.com/advisories/19213
• http://www.osvdb.org/23935
• http://www.securityfocus.com/archive/1/427744/100/0/threaded
• http://www.securityfocus.com/bid/17097
• http://www.securityfocus.com/bid/17492
• http://www.vupen.com/english/advisories/2006/0971
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25266