4 matches found
CVE-2008-3186
Chipmunk Blog (Blogger) contains cross-site scripting (XSS) vulnerabilities in the membername parameter of five PHP scripts (members.php, comments.php, photos.php, archive.php, cat.php). Root cause: improper handling of user-supplied membername leads to script/HTML injection. Impact: allows remot...
CVE-2006-7043
CVE-2006-7043 describes multiple XSS vulnerabilities in Chipmunk Blogger. Remote authenticated users can inject arbitrary script/HTML via (1) posts, (2) profile names, and (3) a javascript: URI in a URL argument in the photo gallery. The NVD notes a low base score (3.5) with attack vector Network...
CVE-2009-0399
Chipmunk Blogger Script is affected by CVE-2009-0399. The vulnerability allows remote attackers to gain administrator privileges by issuing a direct request to admin/reguser.php. This is described as a privilege escalation in the affected script, contingent on the administrator not properly follo...
CVE-2009-0403
CVE-2009-0403 concerns a SQL injection vulnerability in the Chipmunk Blogger Script, specifically in admin/authenticate.php. The flaw allows remote attackers to inject SQL commands through the (1) username and (2) password parameters, enabling arbitrary SQL execution. The connected documents prov...