1. CVE-Search
  2. CVE-2006-1377
ID CVE-2006-1377
Summary Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:comoblog_project:comoblog:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:comoblog_project:comoblog:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:easymoblog:easymoblog:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:easymoblog:easymoblog:0.5.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 24-03-2020 - 12:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 17199
  • 17201
bugtraq 20060323 [KAPDA::#37] - CoMoblog XSS
misc http://www.kapda.ir/advisory-301.html
osvdb
  • 24093
  • 24094
sectrack 1015824
secunia
  • 19370
  • 19379
vupen
  • ADV-2006-1086
  • ADV-2006-1087
xf
  • comoblog-img-xss(25416)
  • easymoblog-img-xss(25420)
Last major update 24-03-2020 - 12:49
Published 24-03-2006 - 02:02
Last modified 24-03-2020 - 12:49
Back to Top