CVE-2005-1498

Name of the Vulnerable Software and Affected Versions myBloggie version 2.1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in viewmode.php and index.php, which are not properly sanitized before being displayed in an error message. Specifically, the year parameter in viewmode.php and the cat id, month no, and post id parameters in index.php are vulnerable.

Recommendations For myBloggie version 2.1.1, consider disabling the vulnerable parameters year, cat id, month no, and post id in viewmode.php and index.php until a patch is available. Restrict access to the error messages that display these parameters to minimize the risk of exploitation.