PT-2006-5974 · Expblog · Expblog

Tamriel

Published

2006-10-12

Updated

2018-10-17

CVE-2006-5239

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions eXpBlog versions 0.3.5 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the query string (PHP SELF) in "kalender.php" or the captcha session code parameter in "pre details.php".

Recommendations For versions 0.3.5 and earlier, consider disabling the kalender.php and pre details.php scripts until a patch is available. Restrict access to these scripts to minimize the risk of exploitation. Avoid using the captcha session code parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2006-5239

Affected Products

Expblog

PT-2006-5974 · Expblog · Expblog

CVE-2006-5239

Weakness Enumeration

Related Identifiers

Affected Products

References · 10