Vulnerabilities > Mywebland > Mybloggie > 2.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-09 | CVE-2006-4043 | Information Disclosure vulnerability in myBloggie index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | 5.0 |
2006-05-09 | CVE-2006-2269 | HTML Injection vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. network mywebland | 4.3 |
2006-03-14 | CVE-2006-1205 | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.2/2.1.3/2.1.3Beta Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. network mywebland | 4.3 |
2005-09-07 | CVE-2005-2838 | SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.2/2.1.3Beta SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2005-05-11 | CVE-2005-1499 | Input Validation vulnerability in Mybloggie 2.1.1/2.1.2 delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter. | 7.5 |
2005-05-11 | CVE-2005-1498 | Input Validation vulnerability in Mybloggie 2.1.1/2.1.2 Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. network mywebland | 4.3 |