Vulnerabilities > CVE-2006-6032 - Cross-Site Scripting vulnerability in Sphpblog 0.4.8
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
sphpblog
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |