What is the severity of CVE-2006-1281?

CVE-2006-1281 is classified as a cross-site scripting (XSS) vulnerability which poses medium severity as it allows remote attackers to inject arbitrary web scripts or HTML.

How do I fix CVE-2006-1281?

To fix CVE-2006-1281, update MyBulletinBoard to a version that is not vulnerable, preferably version 1.10 or later.

Which versions of MyBulletinBoard are affected by CVE-2006-1281?

CVE-2006-1281 affects MyBulletinBoard versions 1.0_final, rc1, rc2, rc3, rc4, and 1.0.1 to 1.0.4.

Can CVE-2006-1281 lead to data theft?

Yes, CVE-2006-1281 can lead to data theft as attackers can exploit the XSS vulnerability to steal session cookies or other sensitive information.

How can I identify if my MyBulletinBoard installation is vulnerable to CVE-2006-1281?

You can identify vulnerability to CVE-2006-1281 by checking if your MyBulletinBoard version is one of the affected releases and testing for XSS exploitation via the url parameter.

Vulnerability/
CVE-2006-1281

low

3.5

CWE

NVD-CWE-Other 79

19/3/2006

7/8/2024

CVE-2006-1281: XSS

First published: Sun Mar 19 2006(Updated: )

Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mybulletinboard Mybulletinboard	=1.10
Mybulletinboard Mybulletinboard	=1.0_final
Mybulletinboard Mybulletinboard	=rc3
Mybulletinboard Mybulletinboard	=rc2
Mybulletinboard Mybulletinboard	=rc1
Mybulletinboard Mybulletinboard	=1.0.3
Mybulletinboard Mybulletinboard	=rc4
Mybulletinboard Mybulletinboard	=1.0_pr2
Mybulletinboard Mybulletinboard	=1.0.1
Mybulletinboard Mybulletinboard	=1.0.4
Mybulletinboard Mybulletinboard	=1.0.2

Remedy

http://community.mybboard.net/showthread.php?tid=7368

Remedy

http://secunia.com/advisories/19213

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-1281?
CVE-2006-1281 is classified as a cross-site scripting (XSS) vulnerability which poses medium severity as it allows remote attackers to inject arbitrary web scripts or HTML.
How do I fix CVE-2006-1281?
To fix CVE-2006-1281, update MyBulletinBoard to a version that is not vulnerable, preferably version 1.10 or later.
Which versions of MyBulletinBoard are affected by CVE-2006-1281?
CVE-2006-1281 affects MyBulletinBoard versions 1.0_final, rc1, rc2, rc3, rc4, and 1.0.1 to 1.0.4.
Can CVE-2006-1281 lead to data theft?
Yes, CVE-2006-1281 can lead to data theft as attackers can exploit the XSS vulnerability to steal session cookies or other sensitive information.
How can I identify if my MyBulletinBoard installation is vulnerable to CVE-2006-1281?
You can identify vulnerability to CVE-2006-1281 by checking if your MyBulletinBoard version is one of the affected releases and testing for XSS exploitation via the url parameter.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
agent/source
vendor/mybulletinboard
canonical/mybulletinboard mybulletinboard
version/mybulletinboard mybulletinboard/1.10
version/mybulletinboard mybulletinboard/1.0_final
version/mybulletinboard mybulletinboard/rc3
version/mybulletinboard mybulletinboard/rc2
version/mybulletinboard mybulletinboard/rc1
version/mybulletinboard mybulletinboard/1.0.3
version/mybulletinboard mybulletinboard/rc4
version/mybulletinboard mybulletinboard/1.0_pr2
version/mybulletinboard mybulletinboard/1.0.1
version/mybulletinboard mybulletinboard/1.0.4
version/mybulletinboard mybulletinboard/1.0.2

Frequently Asked Questions

What is the severity of CVE-2006-1281?
CVE-2006-1281 is classified as a cross-site scripting (XSS) vulnerability which poses medium severity as it allows remote attackers to inject arbitrary web scripts or HTML.
How do I fix CVE-2006-1281?
To fix CVE-2006-1281, update MyBulletinBoard to a version that is not vulnerable, preferably version 1.10 or later.
Which versions of MyBulletinBoard are affected by CVE-2006-1281?
CVE-2006-1281 affects MyBulletinBoard versions 1.0_final, rc1, rc2, rc3, rc4, and 1.0.1 to 1.0.4.
Can CVE-2006-1281 lead to data theft?
Yes, CVE-2006-1281 can lead to data theft as attackers can exploit the XSS vulnerability to steal session cookies or other sensitive information.
How can I identify if my MyBulletinBoard installation is vulnerable to CVE-2006-1281?
You can identify vulnerability to CVE-2006-1281 by checking if your MyBulletinBoard version is one of the affected releases and testing for XSS exploitation via the url parameter.

CVE-2006-1281: XSS

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-1281?

How do I fix CVE-2006-1281?

Which versions of MyBulletinBoard are affected by CVE-2006-1281?

Can CVE-2006-1281 lead to data theft?

How can I identify if my MyBulletinBoard installation is vulnerable to CVE-2006-1281?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-1281?

How do I fix CVE-2006-1281?

Which versions of MyBulletinBoard are affected by CVE-2006-1281?

Can CVE-2006-1281 lead to data theft?

How can I identify if my MyBulletinBoard installation is vulnerable to CVE-2006-1281?