Published: 25/07/2008 Updated: 19/10/2017

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote malicious users to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tuxplanet bilboblog 0.2.1

------------------------------------------------------------------ Name : Bilboblog 21 Multiples Vulnerabilities Description : Bilboblog is a small application of micro-blogging in Php / MySQL Link : wwwtux-planetfr/bilboblog-version-021-english-translation/ Vuln types : Login Bypass - Cross Site Scr ...

CWE-79 http://www.securityfocus.com/bid/30228 http://secunia.com/advisories/31054 https://exchange.xforce.ibmcloud.com/vulnerabilities/43764 https://www.exploit-db.com/exploits/6073 https://nvd.nist.gov https://www.exploit-db.com/exploits/6073/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-3301

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect