CVE-2006-0101

Sblog - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/ref/22/22373-sblog.txt

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22373

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22374

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/0041

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23979

Scores

EPSS 0.0043

EPSS Percentile 62.1%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

sblog/sblog < 0.7.1_build2005-12-02_beta

Timeline

Published Jan 06, 2006

Tracked Since Feb 18, 2026