Cross site scripting

2006-02-2202:02:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright’s Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the “Log” page, possibly using the ViewCommentsLog function.

CPENameOperatorVersion
web_blogeq3.5

CPE	Name	Operator	Version
	web_blog	eq	3.5

References

secunia.com/advisories/18923

securityreason.com/securityalert/522

www.evuln.com/vulns/82/summary.html

www.securityfocus.com/bid/16715

exchange.xforce.ibmcloud.com/vulnerabilities/24758