Vulnerabilities > CVE-2007-3198 - Cross-Site Scripting vulnerability in Maran Blog
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Maran PHP Blog 'comments.php' Cross-Site Scripting Vulnerability. CVE-2007-3198. Webapps exploit for php platform |
| id | EDB-ID:32090 |
| last seen | 2016-02-03 |
| modified | 2008-07-21 |
| published | 2008-07-21 |
| reporter | Dr.Crash |
| source | https://www.exploit-db.com/download/32090/ |
| title | Maran PHP Blog 'comments.php' Cross-Site Scripting Vulnerability |
References
- http://osvdb.org/35374
- http://secunia.com/advisories/25616
- http://securityreason.com/securityalert/2797
- http://www.securityfocus.com/archive/1/471046/100/0/threaded
- http://www.securityfocus.com/archive/1/494549/100/0/threaded
- http://www.securityfocus.com/bid/24409
- http://www.securityfocus.com/bid/30309
- http://www.secvsn.com/content/Advisories/sr-060607-maran.html
- http://www.vupen.com/english/advisories/2007/2148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34812