CVE-2007-3973 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php or the (2) search parameter or (3) theme cookie to (b) recherche.php.

Reference

http://osvdb.org/38557 http://osvdb.org/38558 http://secunia.com/advisories/26165 http://securityreason.com/securityalert/2919 http://www.securityfocus.com/archive/1/474320/100/0/threaded http://www.securityfocus.com/bid/24991 http://www.vupen.com/english/advisories/2007/2611 https://exchange.xforce.ibmcloud.com/vulnerabilities/35551 https://exchange.xforce.ibmcloud.com/vulnerabilities/35556 https://www.exploit-db.com/exploits/4211