1. CVE-Search
  2. CVE-2006-5064
ID CVE-2006-5064
Summary Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:birdblog:birdblog:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:birdblog:birdblog:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:birdblog:birdblog:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:birdblog:birdblog:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:birdblog:birdblog:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:birdblog:birdblog:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:birdblog:birdblog:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:birdblog:birdblog:1.4:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 05-09-2008 - 21:11)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 20202
osvdb
  • 31367
  • 31368
  • 31369
sectrack 1017258
Last major update 05-09-2008 - 21:11
Published 28-09-2006 - 00:07
Last modified 05-09-2008 - 21:11
Back to Top