CVE-2005-3264 - Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote atta

CVE-2005-3264

Summary

Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter.

References

http://irannetjob.com/content/view/141/28/
http://www.securityfocus.com/bid/15078
http://secunia.com/advisories/17175/
http://marc.info/?l=bugtraq&m=112907042504220&w=2

Vulnerable Configurations

cpe:2.3:a:zeroblog:zeroblog:1.1f:*:*:*:*:*:*:*
cpe:2.3:a:zeroblog:zeroblog:1.1f:*:*:*:*:*:*:*
cpe:2.3:a:zeroblog:zeroblog:1.2a:*:*:*:*:*:*:*
cpe:2.3:a:zeroblog:zeroblog:1.2a:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	15078
bugtraq	20051011 XSS vulnerability in Zeroblog
misc	http://irannetjob.com/content/view/141/28/
secunia	17175

Last major update

14-02-2024 - 01:17

Published

20-10-2005 - 10:02

Last modified

14-02-2024 - 01:17