Vulnerabilities > CVE-2006-2880 - Cross-Site Scripting vulnerability in Pyblosxom 1.2.1

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
pyblosxom

Summary

Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. This vulnerability is present only in the Contributed Packages of this product.

Vulnerable Configurations

Part Description Count
Application
Pyblosxom
2