PT-2007-4417 · Atom · Atom Photoblog

Published

2007-06-08

Updated

2017-07-29

CVE-2007-3134

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Atom PhotoBlog versions 1.0.9 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Your Name, Your Homepage, and Your Comment fields when using "Approve Comments." This can be exploited to conduct cross-site scripting (XSS) attacks.

Recommendations: For Atom PhotoBlog versions 1.0.9 and earlier, as a temporary workaround, consider disabling the "Approve Comments" feature until a patch is available. Restrict access to the Your Name, Your Homepage, and Your Comment fields to minimize the risk of exploitation. Avoid using these fields in the affected functionality until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3134

Affected Products

Atom Photoblog

PT-2007-4417 · Atom · Atom Photoblog

CVE-2007-3134

Related Identifiers

Affected Products

References · 6