CVE-2006-1205 - Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, mywebland, exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.

Vulnerable Configurations

Part | Description | Count
Application | Mywebland | 3

Exploit-Db

  • description: myBloggie 2.1.2/2.1.3 del.php post_id Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27389
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27389/
    title: myBloggie 2.1.2/2.1.3 del.php post_id Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 addcat.php errormsg Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27383
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27383/
    title: myBloggie 2.1.2/2.1.3 addcat.php errormsg Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 upload.php Multiple Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27380
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27380/
    title: myBloggie 2.1.2/2.1.3 upload.php Multiple Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 edituser.php errormsg Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27384
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27384/
    title: myBloggie 2.1.2/2.1.3 edituser.php errormsg Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 delcat.php cat_id Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27388
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27388/
    title: myBloggie 2.1.2/2.1.3 delcat.php cat_id Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 adduser.php errormsg Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27385
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27385/
    title: myBloggie 2.1.2/2.1.3 adduser.php errormsg Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 deluser.php 'id' Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27382
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27382/
    title: myBloggie 2.1.2/2.1.3 deluser.php 'id' Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 editcat.php errormsg Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27386
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27386/
    title: myBloggie 2.1.2/2.1.3 editcat.php errormsg Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 add.php trackback_url Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27387
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27387/
    title: myBloggie 2.1.2/2.1.3 add.php trackback_url Parameter XSS
  • description: myBloggie 2.1.2/2.1.3 delcomment.php Multiple Parameter XSS. CVE-2006-1205. Webapps exploit for php platform
    id: EDB-ID:27381
    last seen: 2016-02-03
    modified: 2006-03-09
    published: 2006-03-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/27381/
    title: myBloggie 2.1.2/2.1.3 delcomment.php Multiple Parameter XSS