CVE-2006-0562 - Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote atta

CVE-2006-0562

Summary

Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.

References

http://attrition.org/pipermail/vim/2006-February/000530.html
http://hamid.ir/security/pluggedoutblog.txt
http://secunia.com/advisories/18726
http://securitytracker.com/id?1015586
http://www.osvdb.org/22927
http://www.securityfocus.com/archive/1/423948/100/0/threaded
http://www.vupen.com/english/advisories/2006/0440
https://exchange.xforce.ibmcloud.com/vulnerabilities/24482

Vulnerable Configurations

cpe:2.3:a:pluggedout:pluggedout_blog:1.9.9c:*:*:*:*:*:*:*
cpe:2.3:a:pluggedout:pluggedout_blog:1.9.9c:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bugtraq	20060204 PluggedOut Blog SQL injection and XSS
misc	http://hamid.ir/security/pluggedoutblog.txt
osvdb	22927
sectrack	1015586
secunia	18726
vim	20060206 VERIFY Pluggedout Blog 1.9.9c problem.php XSS
vupen	ADV-2006-0440
xf	pluggedoutblog-problem-xss(24482)

Last major update

19-10-2018 - 15:45

Published

06-02-2006 - 23:02

Last modified

19-10-2018 - 15:45