Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Expblog | Expblog | <= 0.3.5 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=full-disclosure&m=116042862409660&w=2
- http://secunia.com/advisories/22328 (Vendor Advisory)
- http://securitytracker.com/id?1017028
- http://www.expblog.de/board/viewtopic.php?t=317 (Patch)
- http://www.securityfocus.com/archive/1/448102/100/0/threaded
- http://www.securityfocus.com/bid/20420 (Exploit)
- http://www.vupen.com/english/advisories/2006/3973 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29409
FAQ
What is CVE-2006-5239?
CVE-2006-5239 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2...
How severe is CVE-2006-5239?
CVE-2006-5239 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5239?
Check the references section above for vendor advisories and patch information. Affected products include: Expblog Expblog.