Description
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alberto Trivero · textwebappsphp
https://www.exploit-db.com/exploits/25612
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://mywebland.com/forums/viewtopic.php?t=180
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20436
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111531904608224&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20434
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13507
Scores
EPSS
0.0497
EPSS Percentile
89.7%
Details
Status
published
Products (2)
mywebland/mybloggie
2.1.1
mywebland/mybloggie
2.1.2
Published
May 11, 2005
Tracked Since
Feb 18, 2026