Description

Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.

Remediation

References

CVE-2006-0442

Related Vulnerabilities

Osclass Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6280)

WordPress Plugin Timed Content Cross-Site Scripting (2.72)

WordPress Plugin NextGEN Gallery Sell Photo Cross-Site Scripting (1.0.4)

WordPress Plugin WP Debugging Security Bypass (2.10.2)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10737)

Severity

Medium

Classification

CVE-2006-0442 CWE-707

Tags

Missing Update Known Vulnerabilities