Vulnerabilities > CVE-2006-3514 - Cross-Site Scripting vulnerability in PHPblogger PHP-Blogger 2.2.5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

phpblogger

NVD

Published: 2006-07-11

Updated: 2018-10-18

Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

Vulnerable Configurations

Part	Description	Count
Application	Phpblogger Phpblogger PHP Blogger 2.2.5	1

References

http://secunia.com/advisories/20989
http://securityreason.com/securityalert/1202
http://www.securityfocus.com/archive/1/439440/100/0/threaded
http://www.securityfocus.com/bid/18909
http://www.vupen.com/english/advisories/2006/2710
https://exchange.xforce.ibmcloud.com/vulnerabilities/27630