CVE-2006-5239

Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php.

Score: 4.3
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Published: 2006-10-11 08:07:00.000-04
Last Modified: 2018-10-17 05:41:50.000-04

Vulnerable Software List

Vendor    Product   Versions
Expblog   Expblog   0.3.5

References

Source     Link
FULLDISC   20061009 eXpBlog <= 0.3.5 Cross Site Scripting
SECTRACK   1017028
MISC       http://www.expblog.de/board/viewtopic.php?t=317
BUGTRAQ    20061009 eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities
BID        20420
VUPEN      ADV-2006-3973
XF         expblog-multiple-xss(29409)