PT-2006-4799 · Mybulletinboard · Mybb

Roozbeh Afrasiabi

Published

2006-08-01

Updated

2018-10-17

CVE-2006-3953

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions MyBB (aka MyBulletinBoard) version 1.x

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the gallery parameter in the usercp.php file.

Recommendations For MyBB (aka MyBulletinBoard) version 1.x, update to a version that fixes this issue, ensuring the gallery parameter in usercp.php is properly sanitized to prevent arbitrary web script or HTML injection.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3953

Affected Products

Mybb

PT-2006-4799 · Mybulletinboard · Mybb

CVE-2006-3953

Related Identifiers

Affected Products

References · 4