CVE-2006-0442

Mybb - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roozbeh Afrasiabi · textwebappsphp

https://www.exploit-db.com/exploits/27122

View Code ZIP pw:eip

References (6)

[Exploit, Vendor Advisory] http://kapda.ir/advisory-241.html

[Vendor Advisory] http://secunia.com/advisories/18603

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/423128/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16361

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015535

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0316

Scores

EPSS 0.0053

EPSS Percentile 66.8%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

mybb/mybb

Timeline

Published Jan 26, 2006

Tracked Since Feb 18, 2026