Lucene search
K
Chipmunk ScriptsChipmunk Blogger

4 matches found

CVE
CVE
added 2008/07/15 10:0 p.m.51 views

CVE-2008-3186

Chipmunk Blog (Blogger) contains cross-site scripting (XSS) vulnerabilities in the membername parameter of five PHP scripts (members.php, comments.php, photos.php, archive.php, cat.php). Root cause: improper handling of user-supplied membername leads to script/HTML injection. Impact: allows remot...

4.3CVSS5.7AI score0.01218EPSS
CVE
CVE
added 2007/02/24 12:0 a.m.41 views

CVE-2006-7043

CVE-2006-7043 describes multiple XSS vulnerabilities in Chipmunk Blogger. Remote authenticated users can inject arbitrary script/HTML via (1) posts, (2) profile names, and (3) a javascript: URI in a URL argument in the photo gallery. The NVD notes a low base score (3.5) with attack vector Network...

3.5CVSS5.7AI score0.00842EPSS
CVE
CVE
added 2009/02/03 7:0 p.m.41 views

CVE-2009-0399

Chipmunk Blogger Script is affected by CVE-2009-0399. The vulnerability allows remote attackers to gain administrator privileges by issuing a direct request to admin/reguser.php. This is described as a privilege escalation in the affected script, contingent on the administrator not properly follo...

7.5CVSS7.1AI score0.02334EPSS
CVE
CVE
added 2009/02/03 7:0 p.m.38 views

CVE-2009-0403

CVE-2009-0403 concerns a SQL injection vulnerability in the Chipmunk Blogger Script, specifically in admin/authenticate.php. The flaw allows remote attackers to inject SQL commands through the (1) username and (2) password parameters, enabling arbitrary SQL execution. The connected documents prov...

7.5CVSS8.8AI score0.01147EPSS
Web