VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 15, 2001· Updated Apr 16, 2026

CVE-2001-0897

CVE-2001-0897

Description

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

Affected products

110
  • Infopop/Ultimate Bulletin Board110 versions
    cpe:2.3:a:infopop:ultimate_bulletin_board:-:*:*:*:*:*:*:*+ 109 more
    • cpe:2.3:a:infopop:ultimate_bulletin_board:-:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.01:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.02:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.03:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.04:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.05:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.01:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.02:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:3.75:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.01:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.02:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.03:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.04:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.05:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.06:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.07:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.50:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.51:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.52:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.53:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.75:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.80:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.81:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.82:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.83:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.84:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.85:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:4.86:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.00:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.01:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.02:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.05:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.06:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.07:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.08:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.09:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.17:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.18:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.20:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.25:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.26:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.27:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.28:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.29:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.30:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.31:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.32:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.33:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.34:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.35:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.36:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.37:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:c:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.38:d:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.39:c:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.40:*:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.41:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.42:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:c:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.43:d:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.44:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.45:c:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.46:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:-:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:a:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:b:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:c:*:*:*:*:*:*
    • cpe:2.3:a:infopop:ultimate_bulletin_board:5.47:d:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.