PT-2006-3738 · Hotwebscripts.Com · Weblog Oggi
Luny
·
Published
2006-06-05
·
Updated
2018-10-18
·
CVE-2006-2820
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
HotWebScripts.com Weblog Oggi version 1.0
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML, possibly by using a javascript URI in the SRC attribute of an IMG element, via a comment.
Recommendations
For version 1.0, consider disabling the comment feature until a patch is available to prevent exploitation of this issue. Restrict access to the SRC attribute of an IMG element to minimize the risk of arbitrary script injection.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Weblog Oggi