CVE-2006-1717

Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.

Published: Apr 12, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1717
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mybulletinboard / mybulletinboard	1.10	1.10.x

http://secunia.com/advisories/19516
http://www.securityfocus.com/archive/1/430464/100/0/threaded
http://www.securityfocus.com/bid/17427
https://exchange.xforce.ibmcloud.com/vulnerabilities/25730

Vulnerability Database

289,784

CVE-2006-1717