CVE-2006-6046

Name of the Vulnerable Software and Affected Versions eggblog version 3.1.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the edit parameter to /admin/articles.php or /admin/comments.php, or the add parameter to /admin/users.php.

Recommendations For eggblog version 3.1.0, consider disabling the edit and add parameters in the affected API endpoints until a patch is available. Restrict access to /admin/articles.php, /admin/comments.php, and /admin/users.php to minimize the risk of exploitation. Avoid using the edit and add parameters in these endpoints until the issue is resolved.