CVE-2006-1281

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

Affected Software

Name	Vendor	Start Version	End Version
Mybulletinboard	Mybulletinboard	1.0.1 (including)	1.0.1 (including)
Mybulletinboard	Mybulletinboard	1.0.2 (including)	1.0.2 (including)
Mybulletinboard	Mybulletinboard	1.0.3 (including)	1.0.3 (including)
Mybulletinboard	Mybulletinboard	1.0.4 (including)	1.0.4 (including)
Mybulletinboard	Mybulletinboard	1.0_final (including)	1.0_final (including)
Mybulletinboard	Mybulletinboard	1.0_pr2 (including)	1.0_pr2 (including)
Mybulletinboard	Mybulletinboard	1.10 (including)	1.10 (including)
Mybulletinboard	Mybulletinboard	rc1 (including)	rc1 (including)
Mybulletinboard	Mybulletinboard	rc2 (including)	rc2 (including)
Mybulletinboard	Mybulletinboard	rc3 (including)	rc3 (including)
Mybulletinboard	Mybulletinboard	rc4 (including)	rc4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1281
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References