ID CVE-2006-4829
Summary Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post. This vulnerability is addressed in the following product release: Blojsom 2.32.
References
Vulnerable Configurations
  • cpe:2.3:a:blojsom:blojsom:2.31:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2007-03-13
bid 20026
bugtraq 20060914 XSS vulnerability in Blojsom
cert TA07-072A
cert-vn VU#425861
confirm http://docs.info.apple.com/article.html?artnum=305214
secunia
  • 21935
  • 24479
sreason 1594
vupen
  • ADV-2006-3633
  • ADV-2007-0930
xf blojsom-formfields-xss(28951)
Last major update 17-10-2018 - 21:39
Published 15-09-2006 - 22:07