Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0735

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0735
Last Modified 07 Mar 2011 09:30:43
Published 16 Feb 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0735

Summary

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.

Vulnerable Systems

Application

  • Fuzzymonkey My Blog 1.0

  • Fuzzymonkey My Blog 1.2

  • Fuzzymonkey My Blog 1.21

  • Fuzzymonkey My Blog 1.22

  • Fuzzymonkey My Blog 1.23

  • Fuzzymonkey My Blog 1.3

  • Fuzzymonkey My Blog 1.31

  • Fuzzymonkey My Blog 1.4

  • Fuzzymonkey My Blog 1.5

  • Fuzzymonkey My Blog 1.51

  • Fuzzymonkey My Blog 1.52

  • Fuzzymonkey My Blog 1.6

  • Fuzzymonkey My Blog 1.61

  • Fuzzymonkey My Blog 1.62

  • Fuzzymonkey My Blog 1.63

  • Fuzzymonkey My Blog 1.64

  • M Blom Html-bbcode 1.03

  • M Blom Html-bbcode 1.04


References

BID - 16659

BUGTRAQ - 20060215 [eVuln] M. Blom HTML::BBCode perl module XSS Vulnerabilities

BUGTRAQ - 20060215 [eVuln] My Blog BBCode XSS Vulnerabilities

MISC - http://www.evuln.com/vulns/80/summary.html

SECUNIA - 18905

CONFIRM - http://fuzzymonkey.net/forum/viewtopic.php?t=856

MISC - http://evuln.com/vulns/79/summary.html

XF - myblog-bbcode-xss(24668)

VUPEN - ADV-2006-0642

VUPEN - ADV-2006-0614

SECUNIA - 18925

CONFIRM - http://menno.b10m.net/perl/HTML-BBCode/Changes

CONFIRM - http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz

CONFIRM - http://evuln.com/vulns/80/summary.html


Last Updated: 27 May 2016 10:40:45