CVE-2006-0495

Name of the Vulnerable Software and Affected Versions MyBB (aka MyBulletinBoard) version 1.02

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is stored in the $url variable.

Recommendations For MyBB (aka MyBulletinBoard) version 1.02, consider restricting access to the usercp2.php file or disabling the Add Thread to Favorites feature until a fix is available. As a temporary workaround, avoid using the $url variable in the affected feature to minimize the risk of exploitation.