Vulnerability Details : CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2001-0897
Probability of exploitation activity in the next 30 days: 0.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2001-0897
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2001-0897
-
http://marc.info/?l=bugtraq&m=100586033530341&w=2
Mailing List
-
http://marc.info/?l=bugtraq&m=100586541317940&w=2
Mailing List
Products affected by CVE-2001-0897
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.02:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:3.75:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.01:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.02:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.03:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.06:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.07:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.50:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.51:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.52:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.53:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.75:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.80:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.81:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.82:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.83:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.84:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.85:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:4.86:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.00:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.05:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:-:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.08:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.14:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.15:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.16:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.17:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.18:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.19:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.20:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.25:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.26:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.27:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.28:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.37:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:c:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:d:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:c:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.40:*:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:c:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:d:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:c:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:-:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:a:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:b:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:c:*:*:*:*:*:*
- cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:d:*:*:*:*:*:*