Vulnerabilities > CVE-2006-0346 - Input Validation vulnerability in Saral Kaushik Saralblog 1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

saral-kaushik

NVD

Published: 2006-01-21

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php.

Vulnerable Configurations

Part	Description	Count
Application	Saral_Kaushik Saral Kaushik Saralblog 1.0	1

References

http://archives.neohapsis.com/archives/bugtraq/2006-01/0372.html
http://evuln.com/vulns/40/summary.html
http://securitytracker.com/id?1015517
http://www.osvdb.org/27907
http://www.securityfocus.com/bid/16306
https://exchange.xforce.ibmcloud.com/vulnerabilities/24219