Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2005-1832 | First vendor Publication | 2005-05-31 |
Vendor | Cve | Last vendor Modification | 2016-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1832 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17013 | MyBulletinBoard (MyBB) printthread.php tid Parameter XSS MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tid' variable upon submission to the printthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17012 | MyBulletinBoard (MyBB) showthread.php Multiple Parameter XSS MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pid' or 'tid' variables upon submission to the showthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17011 | MyBulletinBoard (MyBB) memberlist.php Multiple Parameter XSS MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' or 'usersearch' variables upon submission to the memberlist.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17010 | MyBulletinBoard (MyBB) member.php Multiple Parameter XSS MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username', 'email' or 'email2' variables upon submission to the member.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17009 | MyBulletinBoard (MyBB) forumdisplay.php Multiple Parameter XSS MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'datecut' or 'page' variables upon submission to the forumdisplay.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
17008 | MyBulletinBoard (MyBB) misc.php Multiple Parameter XSS MyBulletinBoard (MyBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input to multiple variables upon submission to the misc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Sources (Detail)
Source | Url |
---|---|
BUGTRAQ | http://marc.info/?l=bugtraq&m=111757191118050&w=2 |
CONFIRM | http://www.mybboard.com/community/showthread.php?tid=2559 |
SECUNIA | http://secunia.com/advisories/15552 |
Alert History
Date | Informations |
---|---|
2021-05-05 01:01:52 |
|
2021-05-04 12:03:00 |
|
2021-04-22 01:03:15 |
|
2020-05-23 01:36:43 |
|
2020-05-23 00:16:37 |
|
2016-10-18 12:01:42 |
|
2016-04-26 13:35:07 |
|
2013-05-11 11:26:53 |
|