PT-2007-1281 · Wheatblog · Wheatblog

Published

2007-02-12

Updated

2008-11-15

CVE-2006-7002

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Wheatblog (wB) version 1.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the Email field in the add comment.php file.

Recommendations For Wheatblog (wB) version 1.1, consider restricting access to the add comment.php file or validating and sanitizing user input in the Email field to prevent XSS attacks. As a temporary workaround, consider disabling the Email field in the add comment.php file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-7002

Affected Products

Wheatblog

PT-2007-1281 · Wheatblog · Wheatblog

CVE-2006-7002

Related Identifiers

Affected Products

References · 3