Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2006-1205
Last Modified: 05 Sep 2008 05:01:17
Published: 13 Mar 2006 08:06:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-1205

Summary

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.

Vulnerable Systems

Application

  • Mywebland Mybloggie 2.1.2

  • Mywebland Mybloggie 2.1.3

  • Mywebland Mybloggie 2.1.3 Beta


References

XF - mybloggie-index-admin-xss(25134)

BID - 17048

BUGTRAQ - 20060309 MyBloggie: Multiple XSS Vulnerabilities

MISC - http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt

OSVDB - 23992

OSVDB - 23991

OSVDB - 23990

OSVDB - 23989

OSVDB - 23988

OSVDB - 23987

OSVDB - 23986

OSVDB - 23975

OSVDB - 23974

OSVDB - 23973


Last Updated: 27 May 2016 10:41:58