CVE-2006-1281 : Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB)

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

Published 2006-03-19 11:06:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2006-1281

Mybulletinboard » Mybulletinboard » Version: RC1
cpe:2.3:a:mybulletinboard:mybulletinboard:rc1:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: RC2
cpe:2.3:a:mybulletinboard:mybulletinboard:rc2:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: RC3
cpe:2.3:a:mybulletinboard:mybulletinboard:rc3:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: RC4
cpe:2.3:a:mybulletinboard:mybulletinboard:rc4:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.0 Pr2
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.0.1
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.0.2
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.0 Final
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.0.3
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.3:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.0.4
cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.4:*:*:*:*:*:*:*
Matching versions
Mybulletinboard » Mybulletinboard » Version: 1.10
cpe:2.3:a:mybulletinboard:mybulletinboard:1.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-1281

EPSS FAQ

0.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-1281

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2006-1281

http://kapda.ir/advisory-296.html

Page Not Found - پروپوزال ســــرا
Exploit;Vendor Advisory
http://www.securityfocus.com/archive/1/427744/100/0/threaded
http://www.securityfocus.com/bid/17097

Exploit

CVEs referencing this url
http://secunia.com/advisories/19213

About Secunia Research | Flexera
Exploit;Patch;Vendor Advisory
http://community.mybboard.net/showthread.php?tid=7368

Patch

CVEs referencing this url
http://www.osvdb.org/23935

CVEs referencing this url
http://myimei.com/security/2006-03-09/mybb104memberphpxss-after-login.html

myimei.com
Exploit
http://www.securityfocus.com/bid/17492

Exploit
http://www.vupen.com/english/advisories/2006/0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/25266

Jump to

Vulnerability Details : CVE-2006-1281

Products affected by CVE-2006-1281

Exploit prediction scoring system (EPSS) score for CVE-2006-1281

CVSS scores for CVE-2006-1281

References for CVE-2006-1281