Published: 10/03/2006 Updated: 20/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sblog sblog 0.7.2

source: wwwsecurityfocuscom/bid/17044/info sBlog is prone to HTML-injection vulnerabilities The application fails to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the thef ...

source: wwwsecurityfocuscom/bid/17044/info sBlog is prone to HTML-injection vulnerabilities The application fails to properly sanitize user-supplied input before using it in dynamically generated content Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft ...

NVD-CWE-Other http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt http://secunia.com/advisories/19151 http://www.securityfocus.com/bid/17044 http://www.osvdb.org/23759 http://www.osvdb.org/23760 http://www.vupen.com/english/advisories/2006/0883 https://exchange.xforce.ibmcloud.com/vulnerabilities/25111 https://nvd.nist.gov https://www.exploit-db.com/exploits/27375/

CVE-2006-1135

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect