PT-2006-3798 · Pyblosxom · Pyblosxom
Publicado
2006-06-07
·
Atualizado
2017-07-20
·
CVE-2006-2880
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PyBlosxom versions 1.2.2 and earlier
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the
url and author fields in the Comments plugin.Recommendations
For PyBlosxom versions 1.2.2 and earlier, as a temporary workaround, consider disabling the Comments plugin until a patch is available. Restrict access to the Comments plugin to minimize the risk of exploitation. Avoid using the
url and author fields in the affected plugin until the issue is resolved.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Pyblosxom