PT-2010-5636 · Debian · Tdiary

Published: 1970-01-01 · Updated: 2010-03-03 · CVE-2010-0726

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

tdiary versions 2.2.2 and earlier

Description

A cross-site scripting (XSS) issue exists that allows remote attackers to inject arbitrary web script or HTML, possibly related to the plugin_tb_url and plugin_tb_excerpt parameters. Multiple vulnerabilities in the tdiary package of Debian GNU/Linux can be exploited remotely, potentially disrupting the integrity of protected information.

Recommendations

For tdiary versions 2.2.2 and earlier, consider disabling the tb-send.rb plugin until a patch is available. Restrict access to the plugin_tb_url and plugin_tb_excerpt parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-01595
BDU:2015-01596
BDU:2015-01597
BDU:2015-01598
BDU:2015-01599
CVE-2010-0726
DSA-2009-1

Affected Products

Tdiary