2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 count parameter, and possibly the 2 next, 3 Yearthenews, and 4 mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333...
CVE-2006-2809
CVE-2006-2809 corresponds to multiple XSS vulnerabilities in ar-blog 5.2, affecting index.php via parameters (count, and possibly next, Year_the_news, mo). Root cause is improper handling/validation of user-supplied input leading to script/HTML injection. Affected component is ar-blog 5.2, index....