CVE-2001-0897 | Cross-Site Scripting Vulnerability

Description

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

Products

Infopop Ultimate Bulletin Board (UBB)
Infopop Ultimate Bulletin Board (UBB) 1.0
Infopop Ultimate Bulletin Board (UBB) 2.01
Infopop Ultimate Bulletin Board (UBB) 2.02
Infopop Ultimate Bulletin Board (UBB) 2.03
Infopop Ultimate Bulletin Board (UBB) 2.04
Infopop Ultimate Bulletin Board (UBB) 2.05
Infopop Ultimate Bulletin Board (UBB) 2.0
Infopop Ultimate Bulletin Board (UBB) 2.10
Infopop Ultimate Bulletin Board (UBB) 2.11
Infopop Ultimate Bulletin Board (UBB) 3.01
Infopop Ultimate Bulletin Board (UBB) 3.02
Infopop Ultimate Bulletin Board (UBB) 3.0
Infopop Ultimate Bulletin Board (UBB) 3.5
Infopop Ultimate Bulletin Board (UBB) 3.6
Infopop Ultimate Bulletin Board (UBB) 3.75
Infopop Ultimate Bulletin Board (UBB) 3.7
Infopop Ultimate Bulletin Board (UBB) 4.01
Infopop Ultimate Bulletin Board (UBB) 4.02
Infopop Ultimate Bulletin Board (UBB) 4.03
Infopop Ultimate Bulletin Board (UBB) 4.04
Infopop Ultimate Bulletin Board (UBB) 4.05
Infopop Ultimate Bulletin Board (UBB) 4.06
Infopop Ultimate Bulletin Board (UBB) 4.07
Infopop Ultimate Bulletin Board (UBB) 4.0
Infopop Ultimate Bulletin Board (UBB) 4.50
Infopop Ultimate Bulletin Board (UBB) 4.51
Infopop Ultimate Bulletin Board (UBB) 4.52
Infopop Ultimate Bulletin Board (UBB) 4.53
Infopop Ultimate Bulletin Board (UBB) 4.75
Infopop Ultimate Bulletin Board (UBB) 4.80
Infopop Ultimate Bulletin Board (UBB) 4.81
Infopop Ultimate Bulletin Board (UBB) 4.82
Infopop Ultimate Bulletin Board (UBB) 4.83
Infopop Ultimate Bulletin Board (UBB) 4.84
Infopop Ultimate Bulletin Board (UBB) 4.85
Infopop Ultimate Bulletin Board (UBB) 4.86
Infopop Ultimate Bulletin Board (UBB) 5.00
Infopop Ultimate Bulletin Board (UBB) 5.01
Infopop Ultimate Bulletin Board (UBB) 5.02
Infopop Ultimate Bulletin Board (UBB) 5.05
Infopop Ultimate Bulletin Board (UBB) 5.05a
Infopop Ultimate Bulletin Board (UBB) 5.06
Infopop Ultimate Bulletin Board (UBB) 5.06a
Infopop Ultimate Bulletin Board (UBB) 5.07
Infopop Ultimate Bulletin Board (UBB) 5.08
Infopop Ultimate Bulletin Board (UBB) 5.09
Infopop Ultimate Bulletin Board (UBB) 5.10
Infopop Ultimate Bulletin Board (UBB) 5.11
Infopop Ultimate Bulletin Board (UBB) 5.12
Infopop Ultimate Bulletin Board (UBB) 5.13
Infopop Ultimate Bulletin Board (UBB) 5.14
Infopop Ultimate Bulletin Board (UBB) 5.15
Infopop Ultimate Bulletin Board (UBB) 5.16
Infopop Ultimate Bulletin Board (UBB) 5.17
Infopop Ultimate Bulletin Board (UBB) 5.18
Infopop Ultimate Bulletin Board (UBB) 5.19
Infopop Ultimate Bulletin Board (UBB) 5.20
Infopop Ultimate Bulletin Board (UBB) 5.25
Infopop Ultimate Bulletin Board (UBB) 5.26
Infopop Ultimate Bulletin Board (UBB) 5.27
Infopop Ultimate Bulletin Board (UBB) 5.28
Infopop Ultimate Bulletin Board (UBB) 5.29
Infopop Ultimate Bulletin Board (UBB) 5.29a
Infopop Ultimate Bulletin Board (UBB) 5.29b
Infopop Ultimate Bulletin Board (UBB) 5.30
Infopop Ultimate Bulletin Board (UBB) 5.30a
Infopop Ultimate Bulletin Board (UBB) 5.31
Infopop Ultimate Bulletin Board (UBB) 5.32
Infopop Ultimate Bulletin Board (UBB) 5.33
Infopop Ultimate Bulletin Board (UBB) 5.34
Infopop Ultimate Bulletin Board (UBB) 5.34a
Infopop Ultimate Bulletin Board (UBB) 5.35
Infopop Ultimate Bulletin Board (UBB) 5.36
Infopop Ultimate Bulletin Board (UBB) 5.36a
Infopop Ultimate Bulletin Board (UBB) 5.37
Infopop Ultimate Bulletin Board (UBB) 5.38
Infopop Ultimate Bulletin Board (UBB) 5.38a
Infopop Ultimate Bulletin Board (UBB) 5.38b
Infopop Ultimate Bulletin Board (UBB) 5.38c
Infopop Ultimate Bulletin Board (UBB) 5.38d
Infopop Ultimate Bulletin Board (UBB) 5.39
Infopop Ultimate Bulletin Board (UBB) 5.39a
Infopop Ultimate Bulletin Board (UBB) 5.39b
Infopop Ultimate Bulletin Board (UBB) 5.39c
Infopop Ultimate Bulletin Board (UBB) 5.40
Infopop Ultimate Bulletin Board (UBB) 5.41
Infopop Ultimate Bulletin Board (UBB) 5.41a
Infopop Ultimate Bulletin Board (UBB) 5.41b
Infopop Ultimate Bulletin Board (UBB) 5.42
Infopop Ultimate Bulletin Board (UBB) 5.42a
Infopop Ultimate Bulletin Board (UBB) 5.43
Infopop Ultimate Bulletin Board (UBB) 5.43a
Infopop Ultimate Bulletin Board (UBB) 5.43b
Infopop Ultimate Bulletin Board (UBB) 5.43c
Infopop Ultimate Bulletin Board (UBB) 5.43d
Infopop Ultimate Bulletin Board (UBB) 5.44
Infopop Ultimate Bulletin Board (UBB) 5.44a
Infopop Ultimate Bulletin Board (UBB) 5.44b
Infopop Ultimate Bulletin Board (UBB) 5.45
Infopop Ultimate Bulletin Board (UBB) 5.45a
Infopop Ultimate Bulletin Board (UBB) 5.45b
Infopop Ultimate Bulletin Board (UBB) 5.45c
Infopop Ultimate Bulletin Board (UBB) 5.46
Infopop Ultimate Bulletin Board (UBB) 5.46a
Infopop Ultimate Bulletin Board (UBB) 5.47
Infopop Ultimate Bulletin Board (UBB) 5.47a
Infopop Ultimate Bulletin Board (UBB) 5.47b
Infopop Ultimate Bulletin Board (UBB) 5.47c
Infopop Ultimate Bulletin Board (UBB) 5.47d

Questions to Ask Vendors

Can you confirm whether your systems are affected by CVE-2001-0897, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2001-0897 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

Check out the advisory links provided below.

References

https://nvd.nist.gov/vuln/detail/CVE-2001-0897

PUBLISHED DATE: November 15, 2001CVE-2001-0897:
Cross-Site Scripting Vulnerability

CVSS:

EPSS:

Exploitability:

In KEV:

Description

Products

Questions to Ask Vendors

Recommended Actions

References

Ready to get results you can trust?