Vulnerabilities > CVE-2006-5064 - Cross-Site Scripting vulnerability in BirdBlog

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

birdblog

exploit available

NVD

Published: 2006-09-28

Updated: 2008-09-05

Summary

Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Birdblog Birdblog Birdblog 1.0.0 Birdblog Birdblog 1.1.0 Birdblog Birdblog 1.2.0 Birdblog Birdblog 1.2.1 Birdblog Birdblog 1.3.0 Birdblog Birdblog 1.3.1 Birdblog Birdblog 1.4	7

Exploit-Db

description	BirdBlog 1.x user.php uid Parameter XSS. CVE-2006-5064. Webapps exploit for php platform
id	EDB-ID:28669
last seen	2016-02-03
modified	2006-09-25
published	2006-09-25
reporter	Root3r_H3ll
source	https://www.exploit-db.com/download/28669/
title	BirdBlog 1.x user.php uid Parameter XSS

description	BirdBlog 1.x comment.php entryid Parameter XSS. CVE-2006-5064. Webapps exploit for php platform
id	EDB-ID:28667
last seen	2016-02-03
modified	2006-09-25
published	2006-09-25
reporter	Root3r_H3ll
source	https://www.exploit-db.com/download/28667/
title	BirdBlog 1.x comment.php entryid Parameter XSS

description	BirdBlog 1.x index.php page Parameter XSS. CVE-2006-5064. Webapps exploit for php platform
id	EDB-ID:28668
last seen	2016-02-03
modified	2006-09-25
published	2006-09-25
reporter	Root3r_H3ll
source	https://www.exploit-db.com/download/28668/
title	BirdBlog 1.x index.php page Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References