Description
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28669
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28668
exploitdb
WRITEUP
VERIFIED
by Root3r_H3ll · textwebappsphp
https://www.exploit-db.com/exploits/28667
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/31367
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20202
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017258
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/31369
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/31368
Scores
EPSS
0.0079
EPSS Percentile
74.0%
Details
Status
published
Products (7)
birdblog/birdblog
1.0.0
birdblog/birdblog
1.1.0
birdblog/birdblog
1.2.0
birdblog/birdblog
1.2.1
birdblog/birdblog
1.3.0
birdblog/birdblog
1.3.1
birdblog/birdblog
1.4
Published
Sep 28, 2006
Tracked Since
Feb 18, 2026