{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://community.mybboard.net/attachment.php?aid=2181"}, {"name": "mybb-search-xss(24466)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466"}, {"name": "20060125 MyBB 1.0.2 XSS attack in search.php redirection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html"}, {"name": "16387", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16387"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://community.mybboard.net/showthread.php?tid=6418"}, {"name": "ADV-2006-0350", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0350"}, {"name": "18617", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18617"}, {"name": "374", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/374"}, {"name": "22750", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/22750"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0470", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://community.mybboard.net/attachment.php?aid=2181", "refsource": "CONFIRM", "url": "http://community.mybboard.net/attachment.php?aid=2181"}, {"name": "mybb-search-xss(24466)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466"}, {"name": "20060125 MyBB 1.0.2 XSS attack in search.php redirection", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html"}, {"name": "16387", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16387"}, {"name": "http://community.mybboard.net/showthread.php?tid=6418", "refsource": "CONFIRM", "url": "http://community.mybboard.net/showthread.php?tid=6418"}, {"name": "ADV-2006-0350", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0350"}, {"name": "18617", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18617"}, {"name": "374", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/374"}, {"name": "22750", "refsource": "OSVDB", "url": "http://www.osvdb.org/22750"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0470", "datePublished": "2006-01-31T11:00:00", "dateReserved": "2006-01-31T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F3B187F-D0C5-4001-B877-3B0122784BB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D04152D8-60BE-4362-BF68-688DE53A066C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_final:*:*:*:*:*:*:*", "matchCriteriaId": "9114F7E3-D7E4-4DDF-8826-195EC63117E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_pr2:*:*:*:*:*:*:*", "matchCriteriaId": "6DB91E8F-52F1-4514-88DC-F2749973CB93", "vulnerable": true}, {"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_preview_release_2:*:*:*:*:*:*:*", "matchCriteriaId": "BD8FD48E-3B6A-4FD9-AA65-CCED2CC6E6A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "894A8A8C-24BE-4B28-9CF4-46DD04ED38BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mybulletinboard:mybulletinboard:1.0_rc4:*:*:*:*:*:*:*", "matchCriteriaId": "97857E46-5AB0-4C34-9BE8-9462784537C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection."}], "id": "CVE-2006-0470", "lastModified": "2017-07-20T01:29:47.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-01-31T11:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://community.mybboard.net/attachment.php?aid=2181"}, {"source": "cve@mitre.org", "url": "http://community.mybboard.net/showthread.php?tid=6418"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://seclists.org/lists/bugtraq/2006/Jan/0414.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18617"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/374"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/22750"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16387"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0350"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24466"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}