Lucene search

MitreCVE-2006-3514

HistoryJul 11, 2006 - 11:05 p.m.

CVE-2006-3514

2006-07-1123:05:00

mitre

web.nvd.nist.gov

cve

2006

3514

xss

vulnerabilities

php-blogger

admin

actions.php

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

Affected configurations

Nvd

Node

phpbloggerphp-bloggerMatch2.2.5

VendorProductVersionCPE
phpbloggerphp-blogger2.2.5cpe:2.3:a:phpblogger:php-blogger:2.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpblogger	php-blogger	2.2.5	cpe:2.3:a:phpblogger:php-blogger:2.2.5:::::::*

References

secunia.com/advisories/20989

securityreason.com/securityalert/1202

www.securityfocus.com/archive/1/439440/100/0/threaded

www.securityfocus.com/bid/18909

www.vupen.com/english/advisories/2006/2710

exchange.xforce.ibmcloud.com/vulnerabilities/27630

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2006-3514