PT-2006-1476 · Pixelpost · Pixelpost Photoblog

Aliaksandr Hartsuyeu

Published

2006-01-25

Updated

2018-10-19

CVE-2006-0409

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pixelpost Photoblog version 1.4.3

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Add Comment field in a comment popup. This occurs in the index.php file.

Recommendations For Pixelpost Photoblog version 1.4.3, consider disabling the comment popup feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the index.php file to minimize the risk of arbitrary web script or HTML injection. Avoid using the Add Comment field in the comment popup until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0409

Affected Products

Pixelpost Photoblog

PT-2006-1476 · Pixelpost · Pixelpost Photoblog

CVE-2006-0409

Related Identifiers

Affected Products

References · 10