CVE-2006-5146 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php or the (2) action parameter in (b) tem.php and (c) uss.php.

Reference

http://securityreason.com/securityalert/1679 http://www.attrition.org/pipermail/vim/2006-October/001065.html http://www.securityfocus.com/archive/1/447427/100/0/threaded http://www.securityfocus.com/bid/20280 https://exchange.xforce.ibmcloud.com/vulnerabilities/29291