CVE-2007-3973

Jblog - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by s4mi · htmlwebappsphp

https://www.exploit-db.com/exploits/4211

View Code ZIP pw:eip

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/4408

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://osvdb.org/38557

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/24991

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35551

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35556

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/474320/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4211

[Third Party Advisory, VDB Entry] http://osvdb.org/38558

[Third Party Advisory] http://secunia.com/advisories/26165

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2611

[Third Party Advisory] http://securityreason.com/securityalert/2919

Scores

EPSS 0.2070

EPSS Percentile 95.6%

Details

Status published

Products (1)

jblog/jblog 1.0

Published Jul 25, 2007

Tracked Since Feb 18, 2026