CVE-2006-3953

Name: CVE-2006-3953
Creator: NVD / NIST
Published: 2006-08-01T21:04:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.17%

Last modified Jun 16, 2026

CVE-2006-3953 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.. EPSS estimates a 1.17% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

Metrics

EPSS Probability

1.17%

63.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Mybulletinboard	Mybulletinboard	1.0.1
Mybulletinboard	Mybulletinboard	1.0.2
Mybulletinboard	Mybulletinboard	1.0.3
Mybulletinboard	Mybulletinboard	1.0.4
Mybulletinboard	Mybulletinboard	1.0_final
Mybulletinboard	Mybulletinboard	1.0_pr2
Mybulletinboard	Mybulletinboard	1.0_preview_release_2
Mybulletinboard	Mybulletinboard	1.00_rc1
Mybulletinboard	Mybulletinboard	1.00_rc2
Mybulletinboard	Mybulletinboard	1.0_rc2
Mybulletinboard	Mybulletinboard	1.00_rc3
Mybulletinboard	Mybulletinboard	1.0_rc4
Mybulletinboard	Mybulletinboard	1.00_rc4
Mybulletinboard	Mybulletinboard	1.00_rc4_security_patch
Mybulletinboard	Mybulletinboard	1.01
Mybulletinboard	Mybulletinboard	1.1
Mybulletinboard	Mybulletinboard	1.1.1
Mybulletinboard	Mybulletinboard	1.1.2
Mybulletinboard	Mybulletinboard	1.1.3
Mybulletinboard	Mybulletinboard	1.1.4
Mybulletinboard	Mybulletinboard	1.1.5
Mybulletinboard	Mybulletinboard	1.1.7
Mybulletinboard	Mybulletinboard	1.04
Mybulletinboard	Mybulletinboard	1.10
Mybulletinboard	Mybulletinboard	1.14
Mybulletinboard	Mybulletinboard	1.20

References

Timeline

Published: Aug 1, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3953?

Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

How severe is CVE-2006-3953?

Severity scoring for CVE-2006-3953 is pending analysis. The EPSS model estimates a 1.17% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3953?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3953?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST