CVE-2006-5146 - Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitr

CVE-2006-5146

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.

References

http://securityreason.com/securityalert/1679
http://www.attrition.org/pipermail/vim/2006-October/001065.html
http://www.securityfocus.com/archive/1/447427/100/0/threaded
http://www.securityfocus.com/bid/20280
https://exchange.xforce.ibmcloud.com/vulnerabilities/29291

Vulnerable Configurations

cpe:2.3:a:yblog:yblog:*:*:*:*:*:*:*:*
cpe:2.3:a:yblog:yblog:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-10-2018 - 21:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	20280
bugtraq	20060930 Yblog => Cross Site Scripting
sreason	1679
vim	20061002 yblog: distributable product
xf	yblog-multiple-xss(29291)

Last major update

17-10-2018 - 21:41

Published

05-10-2006 - 04:04

Last modified

17-10-2018 - 21:41