CVE-2006-0442
MyBB 1.0.1/1.0.2 Notepad - 'usercp.php' HTML Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
Múltiples vulnerabilidades de XSS en usercp.php en MyBulletinBoard (MyBB) 1.02 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través del (1) parámetro de bloc en una acción de bloc y (2) parametro de firma en una acción de edición. NOTA: Estos son diferentes tipos de ataque y, probablemente, una vulnerabilidad diferente a CVE-2006-0218 y CVE-2006-0219.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-01-24 First Exploit
- 2006-01-26 CVE Reserved
- 2006-01-26 CVE Published
- 2023-05-02 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1015535 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/423128/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/16361 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/0316 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/27122 | 2006-01-24 | |
| http://kapda.ir/advisory-241.html | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/18603 | 2018-10-19 |