CVE-2006-0735 - Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as u

CVE-2006-0735

Summary

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.

References

Vulnerable Configurations

cpe:2.3:a:fuzzymonkey:my_blog:1.0:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.0:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.2:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.2:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.3:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.4:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.4:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.5:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.5:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.6:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.6:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.21:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.21:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.22:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.22:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.23:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.23:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.31:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.31:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.51:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.51:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.52:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.52:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.61:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.61:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.62:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.62:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.63:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.63:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.64:*:*:*:*:*:*:*
cpe:2.3:a:fuzzymonkey:my_blog:1.64:*:*:*:*:*:*:*
cpe:2.3:a:m_blom:html-bbcode:1.03:*:*:*:*:*:*:*
cpe:2.3:a:m_blom:html-bbcode:1.03:*:*:*:*:*:*:*
cpe:2.3:a:m_blom:html-bbcode:1.04:*:*:*:*:*:*:*
cpe:2.3:a:m_blom:html-bbcode:1.04:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16659
bugtraq	20060215 [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities 20060215 [eVuln] My Blog BBCode XSS Vulnerabilities
confirm	http://evuln.com/vulns/80/summary.html http://fuzzymonkey.net/forum/viewtopic.php?t=856 http://menno.b10m.net/perl/HTML-BBCode/Changes http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz
misc	http://evuln.com/vulns/79/summary.html http://www.evuln.com/vulns/80/summary.html
secunia	18905 18925
vupen	ADV-2006-0614 ADV-2006-0642
xf	myblog-bbcode-xss(24668)

Last major update

19-10-2018 - 15:45

Published

16-02-2006 - 11:02

Last modified

19-10-2018 - 15:45