XSS Vulnerability in CheesyBlog

Summary

Vulnerability: XSS Vulnerability in CheesyBlog
Discovered: 2006.01.24
Last Update: 0 n/a
ID: EV0049
CVE: CVE-2006-0443
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched
Vendor: n/a
Vulnerable Software: CheesyBlog (http://cheesepizza.net/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in CheesyBlog (http://cheesepizza.net/) script.

Arbitrary script code insertion is possible.

Vulnerable Script: archive.php

All user-defined data isn't properly sanitized. This can be used to post arbitrary html or script code.

PoC/Exploit

XSS Example:

http://host/cheesyblog/archive.php?entry=1

Add a comment

Your name: <XSS>
Your email address: any
Website URL: javascript:[code]
Comment: <XSS>

Solution.

Solution for "XSS Vulnerability in CheesyBlog" is not available. Check vendor's website for updates.

XSS Vulnerability in CheesyBlog

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools