CVE-2006-5064

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Reference

http://securitytracker.com/id?1017258
http://www.osvdb.org/31367
http://www.osvdb.org/31368
http://www.osvdb.org/31369
http://www.securityfocus.com/bid/20202

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-09-2008 - 21:11

Objavljeno

28-09-2006 - 00:07