Executive Summary

Information
Name: CVE-2006-1205
First vendor publication: 2006-03-13
Vendor: Cve
Last vendor modification: 2018-10-18

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 
Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1205

CPE : Common Platform Enumeration

Type Description Count
Application 3

Open Source Vulnerability Database (OSVDB)

Id Description
23992 myBloggie del.php post_id Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'post_id' variable upon submission to the del.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23991 myBloggie delcat.php cat_id Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cat_id' variable upon submission to the delcat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23990 myBloggie add.php trackback_url Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'trackback_url' variable upon submission to the add.php script, via the POST method. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23989 myBloggie editcat.php errormsg Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'errormsg' variable upon submission to the editcat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23988 myBloggie adduser.php errormsg Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'errormsg' variable upon submission to the adduser.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23987 myBloggie edituser.php errormsg Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'errormsg' variable upon submission to the edituser.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23986 myBloggie addcat.php errormsg Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'errormsg' variable upon submission to the addcat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23975 myBloggie deluser.php 'id' Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the deluser.php script, via admin.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23974 myBloggie delcomment.php Multiple Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'confirmredirect' or 'post_id' (via POST method) variables upon submission to the delcomment.php script, via index.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

23973 myBloggie upload.php Multiple Parameter XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'del' and 'message' variables upon submission to the upload.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/17048
BUGTRAQ http://www.securityfocus.com/archive/1/427182/100/0/threaded
MISC http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt
OSVDB http://www.osvdb.org/23973
OSVDB http://www.osvdb.org/23974
OSVDB http://www.osvdb.org/23975
OSVDB http://www.osvdb.org/23986
OSVDB http://www.osvdb.org/23987
OSVDB http://www.osvdb.org/23988
OSVDB http://www.osvdb.org/23989
OSVDB http://www.osvdb.org/23990
OSVDB http://www.osvdb.org/23991
OSVDB http://www.osvdb.org/23992
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/25134

Alert History

Date Information
2021-05-04 12:03:47
  • Multiple Updates
2021-04-22 01:04:20
  • Multiple Updates
2020-05-23 00:17:31
  • Multiple Updates
2018-10-18 21:20:01
  • Multiple Updates
2017-07-20 09:23:25
  • Multiple Updates
2016-06-28 15:39:55
  • Multiple Updates
2013-05-11 10:51:27
  • Multiple Updates