Lucene search

K
cve[email protected]CVE-2006-0735
HistoryFeb 16, 2006 - 11:02 a.m.

CVE-2006-0735

2006-02-1611:02:00
web.nvd.nist.gov
24
cve-2006-0735
xss
remote code injection
html::bbcode
security vulnerability

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.5%

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.

Affected configurations

NVD
Node
fuzzymonkeymy_blogMatch1.0
OR
fuzzymonkeymy_blogMatch1.2
OR
fuzzymonkeymy_blogMatch1.3
OR
fuzzymonkeymy_blogMatch1.4
OR
fuzzymonkeymy_blogMatch1.5
OR
fuzzymonkeymy_blogMatch1.6
OR
fuzzymonkeymy_blogMatch1.21
OR
fuzzymonkeymy_blogMatch1.22
OR
fuzzymonkeymy_blogMatch1.23
OR
fuzzymonkeymy_blogMatch1.31
OR
fuzzymonkeymy_blogMatch1.51
OR
fuzzymonkeymy_blogMatch1.52
OR
fuzzymonkeymy_blogMatch1.61
OR
fuzzymonkeymy_blogMatch1.62
OR
fuzzymonkeymy_blogMatch1.63
OR
fuzzymonkeymy_blogMatch1.64
OR
m_blomhtml-bbcodeMatch1.03
OR
m_blomhtml-bbcodeMatch1.04

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

83.5%

Related for CVE-2006-0735