CVE-2006-0473

Sažetak

Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.

Reference

http://attrition.org/pipermail/vim/2006-January/000520.html
http://evuln.com/vulns/51/
http://evuln.com/vulns/51/summary.html
http://secunia.com/advisories/18628
http://securityreason.com/securityalert/378
http://www.osvdb.org/22753
http://www.securityfocus.com/archive/1/423167/100/0/threaded
http://www.securityfocus.com/bid/16395
http://www.vupen.com/english/advisories/2006/0349
https://exchange.xforce.ibmcloud.com/vulnerabilities/24310

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:45

Objavljeno

31-01-2006 - 11:03