Vulnerabilities > CVE-2006-5064 - Unspecified vulnerability in Birdblog
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN birdblog
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Exploit-Db
description BirdBlog 1.x user.php uid Parameter XSS. CVE-2006-5064. Webapps exploit for php platform id EDB-ID:28669 last seen 2016-02-03 modified 2006-09-25 published 2006-09-25 reporter Root3r_H3ll source https://www.exploit-db.com/download/28669/ title BirdBlog 1.x user.php uid Parameter XSS description BirdBlog 1.x comment.php entryid Parameter XSS. CVE-2006-5064. Webapps exploit for php platform id EDB-ID:28667 last seen 2016-02-03 modified 2006-09-25 published 2006-09-25 reporter Root3r_H3ll source https://www.exploit-db.com/download/28667/ title BirdBlog 1.x comment.php entryid Parameter XSS description BirdBlog 1.x index.php page Parameter XSS. CVE-2006-5064. Webapps exploit for php platform id EDB-ID:28668 last seen 2016-02-03 modified 2006-09-25 published 2006-09-25 reporter Root3r_H3ll source https://www.exploit-db.com/download/28668/ title BirdBlog 1.x index.php page Parameter XSS
References
- http://securitytracker.com/id?1017258
- http://securitytracker.com/id?1017258
- http://www.osvdb.org/31367
- http://www.osvdb.org/31367
- http://www.osvdb.org/31368
- http://www.osvdb.org/31368
- http://www.osvdb.org/31369
- http://www.osvdb.org/31369
- http://www.securityfocus.com/bid/20202
- http://www.securityfocus.com/bid/20202