3 matches found
CVE-2009-4366
ScriptsEz Ez Blog 1.0 contains a cross-site scripting (XSS) vulnerability in index.php where the yr parameter in a bmonth action can be used to inject arbitrary web script/HTML. CVE-2009-4366 has CVSSv2 base score 4.3 (Medium); attack vector: Network; authentication: None; confidentiality impact:...
CVE-2009-4365
CVE-2009-4365 describes multiple cross-site request forgery (CSRF) vulnerabilities in admin.php of ScriptsEz Ez Blog 1.0. The issue allows remote attackers to hijack administrator sessions and perform actions such as adding a blog (add_blog), approving comments (approve_comment), changing adminis...
CVE-2009-4364
CVE-2009-4364 describes a cross-site scripting (XSS) vulnerability in index.php of ScriptsEz Ez Blog, where the cname parameter can be used to inject arbitrary web script/HTML (related to the act and id parameters). The root cause is insufficient input validation on cname. Impac...