Published: 14/03/2006 Updated: 18/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 480

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Mywebland

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mywebland mybloggie 2.1.2
mywebland mybloggie 2.1.3
mywebland mybloggie 2.1.3_beta

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the cont ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in th ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting us ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the co ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the contex ...

source: wwwsecurityfocuscom/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user i ...

NVD-CWE-Other http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt http://www.securityfocus.com/bid/17048 http://www.osvdb.org/23973 http://www.osvdb.org/23974 http://www.osvdb.org/23975 http://www.osvdb.org/23986 http://www.osvdb.org/23987 http://www.osvdb.org/23988 http://www.osvdb.org/23989 http://www.osvdb.org/23990 http://www.osvdb.org/23991 http://www.osvdb.org/23992 https://exchange.xforce.ibmcloud.com/vulnerabilities/25134 http://www.securityfocus.com/archive/1/427182/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/27382/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook