Lucene search

[email protected]CVE-2006-4090

HistoryAug 11, 2006 - 10:04 a.m.

CVE-2006-4090

2006-08-1110:04:00

[email protected]

web.nvd.nist.gov

cve-2006-4090

cross-site scripting

xss vulnerability

webligo bloghoster 2.2

remote attackers

web script injection

html injection

comment post

previewcomment.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the “From: part of the comment post,” probably involving the nickname parameter to previewcomment.php.

Affected configurations

NVD

Node

webligobloghosterMatch2.2

VendorProductVersionCPE
webligobloghoster2.2cpe:/a:webligo:bloghoster:2.2:::

Vendor	Product	Version	CPE
webligo	bloghoster	2.2	cpe:/a:webligo:bloghoster:2.2:::

References

secunia.com/advisories/21420

securityreason.com/securityalert/1359

www.osvdb.org/27886

www.securityfocus.com/archive/1/442706/100/0/threaded

www.securityfocus.com/bid/19457

www.vupen.com/english/advisories/2006/3236

exchange.xforce.ibmcloud.com/vulnerabilities/28304

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Related for CVE-2006-4090

nvd1 cvelist1