Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2001-0897

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

Published

2001-11-15T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	infopop	ultimate_bulletin_board	-	Yes
Application	infopop	ultimate_bulletin_board	1.0	Yes
Application	infopop	ultimate_bulletin_board	2.0	Yes
Application	infopop	ultimate_bulletin_board	2.01	Yes
Application	infopop	ultimate_bulletin_board	2.02	Yes
Application	infopop	ultimate_bulletin_board	2.03	Yes
Application	infopop	ultimate_bulletin_board	2.04	Yes
Application	infopop	ultimate_bulletin_board	2.05	Yes
Application	infopop	ultimate_bulletin_board	2.10	Yes
Application	infopop	ultimate_bulletin_board	2.11	Yes
Application	infopop	ultimate_bulletin_board	3.0	Yes
Application	infopop	ultimate_bulletin_board	3.01	Yes
Application	infopop	ultimate_bulletin_board	3.02	Yes
Application	infopop	ultimate_bulletin_board	3.5	Yes
Application	infopop	ultimate_bulletin_board	3.6	Yes
Application	infopop	ultimate_bulletin_board	3.7	Yes
Application	infopop	ultimate_bulletin_board	3.75	Yes
Application	infopop	ultimate_bulletin_board	4.0	Yes
Application	infopop	ultimate_bulletin_board	4.01	Yes
Application	infopop	ultimate_bulletin_board	4.02	Yes
Application	infopop	ultimate_bulletin_board	4.03	Yes
Application	infopop	ultimate_bulletin_board	4.04	Yes
Application	infopop	ultimate_bulletin_board	4.05	Yes
Application	infopop	ultimate_bulletin_board	4.06	Yes
Application	infopop	ultimate_bulletin_board	4.07	Yes
Application	infopop	ultimate_bulletin_board	4.50	Yes
Application	infopop	ultimate_bulletin_board	4.51	Yes
Application	infopop	ultimate_bulletin_board	4.52	Yes
Application	infopop	ultimate_bulletin_board	4.53	Yes
Application	infopop	ultimate_bulletin_board	4.75	Yes
Application	infopop	ultimate_bulletin_board	4.80	Yes
Application	infopop	ultimate_bulletin_board	4.81	Yes
Application	infopop	ultimate_bulletin_board	4.82	Yes
Application	infopop	ultimate_bulletin_board	4.83	Yes
Application	infopop	ultimate_bulletin_board	4.84	Yes
Application	infopop	ultimate_bulletin_board	4.85	Yes
Application	infopop	ultimate_bulletin_board	4.86	Yes
Application	infopop	ultimate_bulletin_board	5.00	Yes
Application	infopop	ultimate_bulletin_board	5.01	Yes
Application	infopop	ultimate_bulletin_board	5.02	Yes
Application	infopop	ultimate_bulletin_board	5.05	Yes
Application	infopop	ultimate_bulletin_board	5.05	Yes
Application	infopop	ultimate_bulletin_board	5.06	Yes
Application	infopop	ultimate_bulletin_board	5.06	Yes
Application	infopop	ultimate_bulletin_board	5.07	Yes
Application	infopop	ultimate_bulletin_board	5.08	Yes
Application	infopop	ultimate_bulletin_board	5.09	Yes
Application	infopop	ultimate_bulletin_board	5.10	Yes
Application	infopop	ultimate_bulletin_board	5.11	Yes
Application	infopop	ultimate_bulletin_board	5.12	Yes
Application	infopop	ultimate_bulletin_board	5.13	Yes
Application	infopop	ultimate_bulletin_board	5.14	Yes
Application	infopop	ultimate_bulletin_board	5.15	Yes
Application	infopop	ultimate_bulletin_board	5.16	Yes
Application	infopop	ultimate_bulletin_board	5.17	Yes
Application	infopop	ultimate_bulletin_board	5.18	Yes
Application	infopop	ultimate_bulletin_board	5.19	Yes
Application	infopop	ultimate_bulletin_board	5.20	Yes
Application	infopop	ultimate_bulletin_board	5.25	Yes
Application	infopop	ultimate_bulletin_board	5.26	Yes
Application	infopop	ultimate_bulletin_board	5.27	Yes
Application	infopop	ultimate_bulletin_board	5.28	Yes
Application	infopop	ultimate_bulletin_board	5.29	Yes
Application	infopop	ultimate_bulletin_board	5.29	Yes
Application	infopop	ultimate_bulletin_board	5.29	Yes
Application	infopop	ultimate_bulletin_board	5.30	Yes
Application	infopop	ultimate_bulletin_board	5.30	Yes
Application	infopop	ultimate_bulletin_board	5.31	Yes
Application	infopop	ultimate_bulletin_board	5.32	Yes
Application	infopop	ultimate_bulletin_board	5.33	Yes
Application	infopop	ultimate_bulletin_board	5.34	Yes
Application	infopop	ultimate_bulletin_board	5.34	Yes
Application	infopop	ultimate_bulletin_board	5.35	Yes
Application	infopop	ultimate_bulletin_board	5.36	Yes
Application	infopop	ultimate_bulletin_board	5.36	Yes
Application	infopop	ultimate_bulletin_board	5.37	Yes
Application	infopop	ultimate_bulletin_board	5.38	Yes
Application	infopop	ultimate_bulletin_board	5.38	Yes
Application	infopop	ultimate_bulletin_board	5.38	Yes
Application	infopop	ultimate_bulletin_board	5.38	Yes
Application	infopop	ultimate_bulletin_board	5.38	Yes
Application	infopop	ultimate_bulletin_board	5.39	Yes
Application	infopop	ultimate_bulletin_board	5.39	Yes
Application	infopop	ultimate_bulletin_board	5.39	Yes
Application	infopop	ultimate_bulletin_board	5.39	Yes
Application	infopop	ultimate_bulletin_board	5.40	Yes
Application	infopop	ultimate_bulletin_board	5.41	Yes
Application	infopop	ultimate_bulletin_board	5.41	Yes
Application	infopop	ultimate_bulletin_board	5.41	Yes
Application	infopop	ultimate_bulletin_board	5.42	Yes
Application	infopop	ultimate_bulletin_board	5.42	Yes
Application	infopop	ultimate_bulletin_board	5.43	Yes
Application	infopop	ultimate_bulletin_board	5.43	Yes
Application	infopop	ultimate_bulletin_board	5.43	Yes
Application	infopop	ultimate_bulletin_board	5.43	Yes
Application	infopop	ultimate_bulletin_board	5.43	Yes
Application	infopop	ultimate_bulletin_board	5.44	Yes
Application	infopop	ultimate_bulletin_board	5.44	Yes
Application	infopop	ultimate_bulletin_board	5.44	Yes
Application	infopop	ultimate_bulletin_board	5.45	Yes
Application	infopop	ultimate_bulletin_board	5.45	Yes
Application	infopop	ultimate_bulletin_board	5.45	Yes
Application	infopop	ultimate_bulletin_board	5.45	Yes
Application	infopop	ultimate_bulletin_board	5.46	Yes
Application	infopop	ultimate_bulletin_board	5.46	Yes
Application	infopop	ultimate_bulletin_board	5.47	Yes
Application	infopop	ultimate_bulletin_board	5.47	Yes
Application	infopop	ultimate_bulletin_board	5.47	Yes
Application	infopop	ultimate_bulletin_board	5.47	Yes
Application	infopop	ultimate_bulletin_board	5.47	Yes

References

http://marc.info/?l=bugtraq&m=100586033530341&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=100586541317940&w=2 Mailing List ([email protected])
http://marc.info/?l=bugtraq&m=100586033530341&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=100586541317940&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)