3 matches found
CVE-2005-1288
The vulnerability CVE-2005-1288 affects ACS Blog 0.8 through 1.1.3, where attackers can gain administrator privileges by manipulating the value of the in cookie. Affected component: login/authentication flow (inc_login_check.asp). Root cause: insecure cookie handling that allows privilege escalat...
CVE-2005-0945
CVE-2005-0945 describes a stored/reflected Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1, where remote attackers can inject arbitrary script via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. The NVD entry lists a base score of 4.3 (Medium) with network attack v...
CVE-2005-0802
CVE-2005-0802 concerns a cross-site scripting (XSS) vulnerability in the search.asp handler of ACS Blog versions 0.8 through 1.1b. The issue allows remote attackers to inject and execute arbitrary web script or HTML via the search parameter, potentially impacting users viewing search results. The...