Published: 05/10/2006 Updated: 17/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 695

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote malicious users to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yblog yblog

source: wwwsecurityfocuscom/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may all ...

source: wwwsecurityfocuscom/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may a ...

source: wwwsecurityfocuscom/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may ...

NVD-CWE-Other http://www.attrition.org/pipermail/vim/2006-October/001065.html http://www.securityfocus.com/bid/20280 http://securityreason.com/securityalert/1679 https://exchange.xforce.ibmcloud.com/vulnerabilities/29291 http://www.securityfocus.com/archive/1/447427/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28732/

CVE-2006-5146

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect