Vulnerability Description
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript".
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mybulletinboard | Mybulletinboard | 1.0.1 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.htmlExploit
- http://secunia.com/advisories/18544ExploitPatchVendor Advisory
- http://www.osvdb.org/22628Exploit
- http://www.securityfocus.com/bid/16308
- http://www.vupen.com/english/advisories/2006/0255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24225
- http://archives.neohapsis.com/archives/bugtraq/2006-01/0332.htmlExploit
- http://secunia.com/advisories/18544ExploitPatchVendor Advisory
- http://www.osvdb.org/22628Exploit
- http://www.securityfocus.com/bid/16308
- http://www.vupen.com/english/advisories/2006/0255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24225
FAQ
What is CVE-2006-0364?
CVE-2006-0364 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an...
How severe is CVE-2006-0364?
CVE-2006-0364 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0364?
Check the references section above for vendor advisories and patch information. Affected products include: Mybulletinboard Mybulletinboard.