6 matches found
EUVD-2006-4843
Malware in sbrugna...
Roller Weblogger contains a cross-site scripting vulnerability
Overview A cross-site scripting vulnerability in Roller Weblogger may allow an attacker to read or modify data in web pages and cookies. Description There is a cross-site scripting vulnerability in the way that Roller handles data supplied in the comments section of a web page running the Roller...
CVE-2006-4856
Multiple cross-site scripting XSS vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, or 3 url parameters; 4 certain content parameters in the preview method; or 5 the q parameter in a sitesearch.do...
CVE-2006-4856
Multiple cross-site scripting XSS vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, or 3 url parameters; 4 certain content parameters in the preview method; or 5 the q parameter in a sitesearch.do...
CVE-2006-4856
CVE-2006-4856 describes multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3. The issue affects input handling through parameters such as name, email, url, content in preview, and q in sitesearch.do, allowing injection of arbitrary script/HTML. CERT notes a fix in Roller We...
Roller Weblogger XSS vulnerability
I. BACKGROUND Roller is the open source blog server that drives Sun Microsystem's blogs.sun.com employee blogging site, IBM DeveloperWorks blogs, thousands of internal blogs at IBM Blog Central, the Javalobby's 10,000 user strong JRoller Java community site, and hundreds of other blogs world-wide...