Published: 18/01/2008 Updated: 19/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.

Affected Products

Vendor Product Versions
Blog CmsBlog Cms4.2.1 C


Digital Security Research Group [DSecRG] Advisory #DSECRG-08-003 Application: Blogcms Versions Affected: Blogcms 421b Vendor URL: blogcmscom/ Bugs: SQL Injestions, SiXSS, XSS Exploits: YES Reported: 15012008 ...