CVE-2006-1205
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
Affected products
n/a · n/a
public PoCs found — 10
exploitdb · www.exploit-db.com/exploits/27383 · unverified
exploitdb · www.exploit-db.com/exploits/27385 · unverified
exploitdb · www.exploit-db.com/exploits/27389 · unverified
exploitdb · www.exploit-db.com/exploits/27388 · unverified
exploitdb · www.exploit-db.com/exploits/27381 · unverified
exploitdb · www.exploit-db.com/exploits/27382 · unverified
exploitdb · www.exploit-db.com/exploits/27386 · unverified
exploitdb · www.exploit-db.com/exploits/27384 · unverified
exploitdb · www.exploit-db.com/exploits/27387 · unverified
exploitdb · www.exploit-db.com/exploits/27380 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/25134
http://www.osvdb.org/23973
http://www.osvdb.org/23974
http://www.osvdb.org/23975
http://www.osvdb.org/23986
http://www.osvdb.org/23987
http://www.osvdb.org/23988
http://www.osvdb.org/23989
http://www.osvdb.org/23990
http://www.osvdb.org/23991
http://www.osvdb.org/23992
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt