CVE-2001-0897

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://marc.info/?l=bugtraq&m=100586033530341&w=2 Mailing List
http://marc.info/?l=bugtraq&m=100586541317940&w=2 Mailing List
http://marc.info/?l=bugtraq&m=100586033530341&w=2 Mailing List
http://marc.info/?l=bugtraq&m=100586541317940&w=2 Mailing List
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:infopop:ultimate_bulletin_board:-:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:1.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.03:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.04:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.05:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.10:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:2.11:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.5:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.6:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.7:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:3.75:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.0:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.03:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.04:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.05:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.06:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.07:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.50:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.51:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.52:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.53:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.75:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.80:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.81:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.82:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.83:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.84:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.85:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:4.86:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.00:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.01:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.02:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.07:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.08:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.09:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.10:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.11:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.12:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.13:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.14:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.15:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.16:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.17:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.18:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.19:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.20:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.25:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.26:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.27:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.28:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.31:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.32:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.33:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.35:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.37:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:d:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.40:*:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:d:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:-:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:a:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:b:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:c:*:*:*:*:*:*
cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:d:*:*:*:*:*:*
History

20 Nov 2024, 23:36

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=100586033530341&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=100586033530341&w=2 - Mailing List
References () http://marc.info/?l=bugtraq&m=100586541317940&w=2 - Mailing List () http://marc.info/?l=bugtraq&m=100586541317940&w=2 - Mailing List
Information

Published : 2001-11-15 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-0897

Mitre link : CVE-2001-0897

CVE.ORG link : CVE-2001-0897

JSON object : View

Products Affected

infopop

  • ultimate_bulletin_board
CWE
NVD-CWE-Other