CVE-2011-1670

Current Description

Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.

Basic Data

Published: April 10, 2011
Last Modified: October 09, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: A.kulikov
    Product: Interra Blog Machine
    Version: 1.84
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including: (empty)
    Version End Including: (empty)
    Version Start Excluding: (empty)
    Version End Excluding: (empty)

Vulnerable Software List

Vendor | Product | Versions
A.kulikov | Interra Blog Machine | 1.84

References

Name | URL | Source | Tags
8195 | http://securityreason.com/securityalert/8195 | SREASON |
17098 | http://www.exploit-db.com/exploits/17098 | EXPLOIT-DB | Exploit
http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html | http://www.htbridge.ch/advisory/xss_vulnerability_in_interra_blog_machine.html | MISC |
20110331 HTB22931: XSS vulnerability in InTerra Blog Machine | http://www.securityfocus.com/archive/1/517271/100/0/threaded | BUGTRAQ |
47104 | http://www.securityfocus.com/bid/47104 | BID | Exploit
interrablogmachine-subject-xss(66562) | https://exchange.xforce.ibmcloud.com/vulnerabilities/66562 | XF |