PT-2006-3798 · Pyblosxom · Pyblosxom

Published

2006-06-07

Updated

2017-07-20

CVE-2006-2880

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PyBlosxom versions 1.2.2 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the url and author fields in the Comments plugin.

Recommendations For PyBlosxom versions 1.2.2 and earlier, as a temporary workaround, consider disabling the Comments plugin until a patch is available. Restrict access to the Comments plugin to minimize the risk of exploitation. Avoid using the url and author fields in the affected plugin until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2880

Affected Products

Pyblosxom

PT-2006-3798 · Pyblosxom · Pyblosxom

CVE-2006-2880

Related Identifiers

Affected Products

References · 6