← back
CVE-2005-1498

CVE-2005-1498

EPSS 3.6%
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/25612unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=111531904608224&w=2http://mywebland.com/forums/viewtopic.php?t=180https://exchange.xforce.ibmcloud.com/vulnerabilities/20434https://exchange.xforce.ibmcloud.com/vulnerabilities/20436http://www.securityfocus.com/bid/13507