Vulnerabilities > CVE-2006-5146 - Cross-Site Scripting vulnerability in Yblog
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Yblog funk.php id Parameter XSS. CVE-2006-5146. Webapps exploit for php platform id EDB-ID:28732 last seen 2016-02-03 modified 2006-09-30 published 2006-09-30 reporter You_You source https://www.exploit-db.com/download/28732/ title Yblog funk.php id Parameter XSS description Yblog uss.php action Parameter XSS. CVE-2006-5146. Webapps exploit for php platform id EDB-ID:28734 last seen 2016-02-03 modified 2006-09-30 published 2006-09-30 reporter You_You source https://www.exploit-db.com/download/28734/ title Yblog uss.php action Parameter XSS description Yblog tem.php action Parameter XSS. CVE-2006-5146. Webapps exploit for php platform id EDB-ID:28733 last seen 2016-02-03 modified 2006-09-30 published 2006-09-30 reporter You_You source https://www.exploit-db.com/download/28733/ title Yblog tem.php action Parameter XSS