Published: 10/04/2011 Updated: 09/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the subject parameter to post_url/edit.

Vulnerable Product	Search on Vulmon	Subscribe to Product
a.kulikov interra blog machine 1.84

Vulnerability ID: HTB22931 Reference: wwwhtbridgech/advisory/xss_vulnerability_in_interra_blog_machin ehtml Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team ( codegooglecom/p/interra/ ) Vulnerable Version: 184 and probably prior versions Vendor Notification: 31 March 2011 Vulnerability Type: Stored XSS (Cross Site ...

source: wwwsecurityfocuscom/bid/47104/info InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker ...

CWE-79 http://www.securityfocus.com/bid/47104 http://www.exploit-db.com/exploits/17098 http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html http://securityreason.com/securityalert/8195 https://exchange.xforce.ibmcloud.com/vulnerabilities/66562 http://www.securityfocus.com/archive/1/517271/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/17098/

CVE-2011-1670

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect