Vulnerabilities (CVE)

Filtered by vendor Drumster Subscribe
Filtered by product Blogme
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5975 1 Drumster 1 Blogme 2024-02-04 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
CVE-2006-5976 1 Drumster 1 Blogme 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
CVE-2007-2661 1 Drumster 1 Blogme 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.