Last Modified: Oct. 18, 2016
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete
Base Score: 6.9
Exploitability Score: 3.4
Impact Score: 10.0
CVSS V2: AV:L/AC:M/Au:N/C:C/I:C/A:C
NVD-CWE-Other
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:a:infopop:ultimate_bulletin_board:6:*:*:*:*:*:*:* Part: a Vendor: infopop | Alle Schwachstellen für infopop | |
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:infopop:ultimate_bulletin_board:6:*:*:*:*:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
<prop key="range" value="local"/>
</set>
<?xml version="1.0" ?>
<set operator="and">
<prop key="target" value="host"/>
<set operator="or">
<prop key="program_influence" value="input"/>
<prop key="program_influence" value="output"/>
<prop key="program_influence" value="existence"/>
</set>
<prop key="data" value="any"/>
<set operator="or">
<prop key="data_influence" value="read"/>
<prop key="data_influence" value="write"/>
<prop key="data_influence" value="delete"/>
</set>
<set operator="or">
<prop key="range" value="local"/>
<prop key="range" value="local"/>
</set>
</set>