ID: CVE-2006-0239
Type: cve
Reporter: NVD
Modified: 2017-07-19T21:29:34
Description
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts.
{"result": {"osvdb": [{"id": "OSVDB:22448", "type": "osvdb", "title": "SimpleBlog comments.asp Comment Field XSS", "description": "## Vulnerability Description\nSimpleBlog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comments.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nSimpleBlog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comments.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.8pixel.net/?pageID=2\n[Secunia Advisory ID:18488](https://secuniaresearch.flexerasoftware.com/advisories/18488/)\n[Related OSVDB ID: 22447](https://vulners.com/osvdb/OSVDB:22447)\nOther Advisory URL: http://www.hackerscenter.com/archive/view.asp?id=21926\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0305.html\nFrSIRT Advisory: ADV-2006-0194\n[CVE-2006-0239](https://vulners.com/cve/CVE-2006-0239)\nBugtraq ID: 16243\n", "published": "2006-01-15T06:33:24", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:22448", "cvelist": ["CVE-2006-0239"], "lastseen": "2017-04-28T13:20:19"}]}}