CVE Vulnerabilities

CVE-2006-1282

Published: Mar 19, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages.

Affected Software

Name Vendor Start Version End Version
Mybulletinboard Mybulletinboard 1.0.1 1.0.1
Mybulletinboard Mybulletinboard 1.0.2 1.0.2
Mybulletinboard Mybulletinboard 1.0.3 1.0.3
Mybulletinboard Mybulletinboard 1.0.4 1.0.4
Mybulletinboard Mybulletinboard 1.0_final 1.0_final
Mybulletinboard Mybulletinboard 1.0_pr2 1.0_pr2
Mybulletinboard Mybulletinboard rc1 rc1
Mybulletinboard Mybulletinboard rc2 rc2
Mybulletinboard Mybulletinboard rc3 rc3
Mybulletinboard Mybulletinboard rc4 rc4

References