Lucene search

[email protected]CVE-2011-5029

HistoryDec 29, 2011 - 10:55 p.m.

CVE-2011-5029

2011-12-2922:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2011

5029

cross-site scripting

xss

simple php blog

web security

vulnerability

nvd

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php.

CPENameOperatorVersion
alexander_palmo:simple_php_blogalexander palmo simple php blogle0.7.0

CPE	Name	Operator	Version
alexander_palmo:simple_php_blog	alexander palmo simple php blog	le	0.7.0

References

osvdb.org/77696

osvdb.org/77697

secunia.com/advisories/46893

exchange.xforce.ibmcloud.com/vulnerabilities/71821

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON

Related for CVE-2011-5029

cvelist1 prion1