Vulnerabilities > Pyblosxom

DATE CVE VULNERABILITY TITLE RISK
2006-06-07 CVE-2006-2880 Cross-Site Scripting vulnerability in Pyblosxom 1.2.1
Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.
network
pyblosxom
6.8
2006-02-15 CVE-2006-0707 Information Exposure vulnerability in Pyblosxom 1.2.1/1.3
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
network
low complexity
pyblosxom CWE-200
5.0