CVE-2006-1205 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php; the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php; the (6) trackback_url parameter in (g) add.php; (7) id parameter in (h) deluser.php; (8) cat_id parameter in (i) delcat.php; and (9) post_id parameter in (j) del.php, as reachable from admin.php.
Reference
http://www.osvdb.org/23973
http://www.osvdb.org/23974
http://www.osvdb.org/23975
http://www.osvdb.org/23986
http://www.osvdb.org/23987
http://www.osvdb.org/23988
http://www.osvdb.org/23989
http://www.osvdb.org/23990
http://www.osvdb.org/23991
http://www.osvdb.org/23992
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0603-002.txt
http://www.securityfocus.com/archive/1/427182/100/0/threaded
http://www.securityfocus.com/bid/17048
https://exchange.xforce.ibmcloud.com/vulnerabilities/25134