Description
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/15743
References (7)
Core 7
Core References
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_blogcms.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15743
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms_1.html
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms.html
Patch x_refsource_confirm
http://blogcms.com/
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8112
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/96731/blogcms-xsrfxss.txt
Scores
EPSS
0.0693
EPSS Percentile
91.5%
Details
CWE
CWE-79
Status
published
Products (1)
blogcms/blog\
cms 4.2.1.e
Published
Mar 01, 2011
Tracked Since
Feb 18, 2026