CVE-2006-3514

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20989
http://securityreason.com/securityalert/1202
http://www.securityfocus.com/archive/1/439440/100/0/threaded
http://www.securityfocus.com/bid/18909
http://www.vupen.com/english/advisories/2006/2710
https://exchange.xforce.ibmcloud.com/vulnerabilities/27630

Configurations

Configuration 1 (hide)

cpe:2.3:a:phpblogger:php-blogger:2.2.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-07-11 23:05

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3514

Mitre link : CVE-2006-3514

CVE.ORG link : CVE-2006-3514

JSON object : View

Products Affected

phpblogger

php-blogger

CWE

NVD-CWE-Other

{"id": "CVE-2006-3514", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-11T23:05:00.000", "references": [{"url": "http://secunia.com/advisories/20989", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1202", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/439440/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18909", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2710", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27630", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/actions.php de PHP-Blogger 2.2.5 y posiblemente versiones anteriores, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de loos par\u00e1metros (1) name, (2) title, (3) news, (4) description y (5) sitename."}], "lastModified": "2018-10-18T16:47:46.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpblogger:php-blogger:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D5AB1C4-3FA7-4906-A6D1-C2C9FE044339"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}