PT-2006-1624 · Pluggedout · Pluggedout Blog

Steven M. Christey

Published

2006-02-06

Updated

2018-10-19

CVE-2006-0562

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PluggedOut Blog version 1.9.9c

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the data parameter in the problem.php file.

Recommendations For PluggedOut Blog version 1.9.9c, consider restricting access to the problem.php file until a patch is available, and avoid using the data parameter in this context to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0562

Affected Products

Pluggedout Blog

PT-2006-1624 · Pluggedout · Pluggedout Blog

CVE-2006-0562

Related Identifiers

Affected Products

References · 9