PT-2006-1893 · Leif M. Wright · Leif M. Wright's Blog
Aliaksandr Hartsuyeu · Published 2006-02-22 · Updated 2017-07-20 · CVE-2006-0846
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Leif M. Wright's Blog version 3.5
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the Referer and User-Agent HTTP headers. These headers are stored in a log file and are not sanitized when the administrator views the "Log" page, so injected markup is rendered in the administrator's browser. This could be related to the use of the ViewCommentsLog function.
Recommendations
For Leif M. Wright's Blog version 3.5, sanitize the Referer and User-Agent HTTP headers before storing them in the log file, and HTML-encode the stored values when rendering the "Log" page, to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the "Log" page to minimize the risk of exploitation.
Fix
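The following Python snippet is an added illustration of the pattern the advisory describes and of the recommended fix; it is not code from Leif M. Wright's Blog. It assumes a log stored as a list of per-request records with "ip", "referer" and "user_agent" fields (a constructed shape), renders the "Log" page once the vulnerable way (raw header values concatenated into HTML) and once with output encoding, and adds a write-time sanitizer that strips control characters as defence in depth.

```python
import html
import re
from typing import Dict, Iterable, List

# Constructed sample log entries (not data from the advisory): two requests as
# a blog that copies raw request headers into its log might have stored them.
# The second request carries HTML in both headers, the condition the advisory
# describes.
SAMPLE_LOG: List[Dict[str, str]] = [
    {"ip": "203.0.113.5",
     "referer": "http://example.net/post/1",
     "user_agent": "Mozilla/5.0 (constructed sample)"},
    {"ip": "198.51.100.9",
     "referer": "http://example.net/\"><b>injected</b>",
     "user_agent": "Agent<script>alert(1)</script>"},
]

COLUMNS = ("ip", "referer", "user_agent")


def render_log_vulnerable(entries: Iterable[Dict[str, str]]) -> str:
    """Log page as the vulnerable pattern builds it: stored header values are
    concatenated into the HTML verbatim, so any markup they contain is parsed
    as markup by the administrator's browser."""
    rows = ["<tr>" + "".join(f"<td>{e[c]}</td>" for c in COLUMNS) + "</tr>"
            for e in entries]
    return "<table>" + "".join(rows) + "</table>"


def render_log_hardened(entries: Iterable[Dict[str, str]]) -> str:
    """Same page with output encoding: each value is HTML-escaped at the point
    it is written into the document, so '<', '>', '&' and quotes reach the
    browser as character references and are displayed as text."""
    rows = ["<tr>" + "".join(f"<td>{html.escape(e[c], quote=True)}</td>"
                             for c in COLUMNS) + "</tr>"
            for e in entries]
    return "<table>" + "".join(rows) + "</table>"


# Defence in depth at write time. Control characters (CR/LF in particular)
# are dropped so one request stays on one log line, and the value is capped.
# This is NOT a substitute for escaping on output: '<' is deliberately kept,
# because the log must still record what the client actually sent.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
MAX_HEADER_LEN = 512


def sanitize_for_storage(value: str) -> str:
    """Normalise a header value before it is appended to the log file."""
    return _CONTROL_CHARS.sub("", value)[:MAX_HEADER_LEN]


def count_script_tags(rendered_html: str) -> int:
    """Crude check used to compare the two renderings: number of literal
    '<script' sequences the browser would see."""
    return rendered_html.lower().count("<script")


if __name__ == "__main__":
    print("vulnerable <script> tags:",
          count_script_tags(render_log_vulnerable(SAMPLE_LOG)))
    print("hardened   <script> tags:",
          count_script_tags(render_log_hardened(SAMPLE_LOG)))
```

The escaping belongs in the view, not only in the logger: a value that was escaped when written can still be mis-handled if it is later shown in a different context, and escaping at storage time alters the forensic record of what the client sent. Restricting who can load the "Log" page, as the workaround above suggests, reduces exposure but does not remove the injected content from the file.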
Related Identifiers
Affected Products
Leif M. Wright's Blog