CVE-2006-3761

Published: Jul 21, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".

Affected (21)

Products: Mybulletinboard: Mybulletinboard

Mybulletinboard

1 product

Mybulletinboard

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Mybulletinboard Mybulletinboard	Version 1.0.1
Mybulletinboard Mybulletinboard	Version 1.0.2
Mybulletinboard Mybulletinboard	Version 1.0.3
Mybulletinboard Mybulletinboard	Version 1.0.4
Mybulletinboard Mybulletinboard	Version 1.00_rc1
Mybulletinboard Mybulletinboard	Version 1.00_rc2
Mybulletinboard Mybulletinboard	Version 1.00_rc3
Mybulletinboard Mybulletinboard	Version 1.00_rc4
Mybulletinboard Mybulletinboard	Version 1.00_rc4_security_patch
Mybulletinboard Mybulletinboard	Version 1.01
Mybulletinboard Mybulletinboard	Version 1.04
Mybulletinboard Mybulletinboard	Version 1.0_final
Mybulletinboard Mybulletinboard	Version 1.0_pr2
Mybulletinboard Mybulletinboard	Version 1.0_preview_release_2
Mybulletinboard Mybulletinboard	Version 1.0_rc2
Mybulletinboard Mybulletinboard	Version 1.0_rc4
Mybulletinboard Mybulletinboard	Version 1.1.1
Mybulletinboard Mybulletinboard	Version 1.1.2
Mybulletinboard Mybulletinboard	Version 1.1.3
Mybulletinboard Mybulletinboard	Version 1.1.4
Mybulletinboard Mybulletinboard	Version 1.1

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (18)

http://community.mybboard.net/showthread.php?tid=10115

Source: cve@mitre.org

Patch

http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/20873

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/1257

Source: cve@mitre.org

http://www.mybboard.com/archive.php?nid=15

Source: cve@mitre.org

Patch

http://www.osvdb.org/26808

Source: cve@mitre.org

ExploitPatch

http://www.securityfocus.com/archive/1/438588/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18702

Source: cve@mitre.org

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/27444

Source: cve@mitre.org

http://community.mybboard.net/showthread.php?tid=10115

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/20873

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/1257

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mybboard.com/archive.php?nid=15

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/26808

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.securityfocus.com/archive/1/438588/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18702

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/27444

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.