CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-1135

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile20.96th
Published2006年3月10日
Last Modified2026年4月16日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php.

Affected Platforms (CPE)

📦
Sblog

Sblog

= 0.7.2

References & Advisories

🔗 http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt
🔗 http://secunia.com/advisories/19151
🔗 http://www.osvdb.org/23759
🔗 http://www.osvdb.org/23760
🔗 http://www.securityfocus.com/bid/17044
🔗 http://www.vupen.com/english/advisories/2006/0883
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25111
🔗 http://kiki91.altervista.org/exploit/sBlog_0.72_xss.txt

関連する脆弱性情報

CVE-2006-218910.0

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the...

CVE-2007-58187.6

Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitr...

CVE-2007-18017.5

Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary loc...

CVE-2006-01014.3

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbi...