CVE-2006-0735

Fuzzymonkey MY Blog - XSS

Title source: rule
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Aliaksandr Hartsuyeu · textwebappsphp
https://www.exploit-db.com/exploits/27230

References (14)

Core 14
Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16659
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.evuln.com/vulns/80/summary.html
Various Sources x_refsource_confirm
http://menno.b10m.net/perl/dists/HTML-BBCode-1.05.tar.gz
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18925
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425087/100/0/threaded
Exploit, Patch, Vendor Advisory x_refsource_misc
http://evuln.com/vulns/79/summary.html
Exploit, Patch, Vendor Advisory x_refsource_confirm
http://evuln.com/vulns/80/summary.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18905
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24668
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0642
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425113/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0614
Various Sources x_refsource_confirm
http://menno.b10m.net/perl/HTML-BBCode/Changes

Scores

EPSS 0.1211
EPSS Percentile 93.8%

Details

Status published
Products (18)
fuzzymonkey/my_blog 1.0
fuzzymonkey/my_blog 1.2
fuzzymonkey/my_blog 1.3
fuzzymonkey/my_blog 1.4
fuzzymonkey/my_blog 1.5
fuzzymonkey/my_blog 1.6
fuzzymonkey/my_blog 1.21
fuzzymonkey/my_blog 1.22
fuzzymonkey/my_blog 1.23
fuzzymonkey/my_blog 1.31
... and 8 more
Published Feb 16, 2006
Tracked Since Feb 18, 2026