Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wikyblog | Wikyblog | <= 1.7 |
Related Weaknesses (CWE)
References
- http://osvdb.org/48790
- http://secunia.com/advisories/32087 (Vendor Advisory)
- http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444
- http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html
- http://www.securityfocus.com/bid/31525 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45603
FAQ
What is CVE-2008-6097?
CVE-2008-6097 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSe...
How severe is CVE-2008-6097?
CVE-2008-6097 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-6097?
Check the references section above for vendor advisories and patch information. Affected products include: Wikyblog Wikyblog.