Vulnerabilities > CVE-2006-1779 - Cross-Site Scripting vulnerability in Simplog

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

simplog

nessus

exploit available

NVD

Published: 2006-04-13

Updated: 2018-10-18

Summary

Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.

Vulnerable Configurations

Part	Description	Count
Application	Simplog Simplog Simplog *	1

Exploit-Db

description	Simplog <= 0.9.2 (s) Remote Commands Execution Exploit. CVE-2006-0146,CVE-2006-0147,CVE-2006-1776,CVE-2006-1777,CVE-2006-1778,CVE-2006-1779,CVE-2006-2029....
file	exploits/php/webapps/1663.php
id	EDB-ID:1663
last seen	2016-01-31
modified	2006-04-11
platform	php
port
published	2006-04-11
reporter	rgod
source	https://www.exploit-db.com/download/1663/
title	Simplog <= 0.9.2 s Remote Commands Execution Exploit
type	webapps

Nessus

NASL family	CGI abuses
NASL id	SIMPLOG_S_FILE_INCLUDE.NASL
description	The remote host is running Simplog, an open source blogging tool written in PHP. The version of Simplog installed on the remote host fails to sanitize input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	21224
published	2006-04-14
reporter	This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21224
title	Simplog <= 0.9.2 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References