Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Infopop
  • Ultimate Bulletin Board

Configuration 1 [-]

OR cpe:2.3:a:infopop:ultimate_bulletin_board:-:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:1.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.03:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.04:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.05:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.10:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.11:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.5:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.6:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.7:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.75:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.03:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.04:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.05:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.06:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.07:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.50:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.51:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.52:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.53:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.75:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.80:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.81:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.82:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.83:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.84:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.85:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.86:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.00:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.07:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.08:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.09:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.10:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.11:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.12:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.13:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.14:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.15:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.16:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.17:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.18:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.19:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.20:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.25:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.26:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.27:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.28:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.31:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.32:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.33:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.35:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.37:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:d:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.40:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:d:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:d:*:*:*:*:*:*
References
Link Resource
http://marc.info/?l=bugtraq&m=100586033530341&w=2 Mailing List
http://marc.info/?l=bugtraq&m=100586541317940&w=2 Mailing List
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-02-02T05:00:00

Updated: 2016-10-17T13:57:01

Reserved: 2002-01-31T00:00:00

Link: CVE-2001-0897

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2001-11-15T05:00:00.000

Modified: 2023-05-16T11:09:02.377

Link: CVE-2001-0897

JSON object: View

cve-icon Redhat Information

No data.

CWE