PT-2005-4077 · Zeroblog · Zeroblog
Trueend5
·
Published
2005-10-20
·
Updated
2024-02-14
·
CVE-2005-3264
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Zeroblog versions 1.1f through 1.2a
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
threadID parameter in the thread.php file.Recommendations
For Zeroblog versions 1.1f through 1.2a, avoid using the
threadID parameter in the thread.php file until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Zeroblog