XSS Vulnerability in CheesyBlog

Summary

Vulnerability: XSS Vulnerability in CheesyBlog
Discovered: 2006.01.24
Last Update: n/a
ID: EV0049
CVE: CVE-2006-0443
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched
Vendor: n/a
Vulnerable Software: CheesyBlog (http://cheesepizza.net/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A cross-site scripting vulnerability was found in the CheesyBlog (http://cheesepizza.net/) script.

Arbitrary script code insertion is possible.

Vulnerable Script: archive.php

None of the user-defined data is properly sanitized. This can be used to post arbitrary HTML or script code.

PoC/Exploit

XSS Example:

http://host/cheesyblog/archive.php?entry=1

Add a comment

Your name: <XSS>
Your email address: any
Website URL: javascript:[code]
Comment: <XSS>

Solution

A solution for "XSS Vulnerability in CheesyBlog" is not available. Check the vendor's website for updates.
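The missing handling for the comment fields listed in the PoC section, shown as an added example (not CheesyBlog's code and not a vendor patch): text fields are HTML-encoded on output and the website URL is accepted only as an absolute http(s) link. The function names `h`, `safe_comment_url` and `render_comment`, the array keys and the markup are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from CheesyBlog's source.

// Encode a value for an HTML text node or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the URL only if it is an absolute http(s) URL, otherwise null.
// Allow-listing the scheme rejects javascript: and every other scheme,
// whatever its letter case.
function safe_comment_url(string $url): ?string
{
    $url = trim($url);
    // Browsers drop tabs and newlines inside a URL, so embedded whitespace
    // or control characters could hide a scheme; reject them outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7F]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // relative, scheme-less or host-less values are dropped
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $url : null;
}

// Build the HTML for one stored comment; every field is treated as untrusted.
function render_comment(array $c): string
{
    $name = h($c['name'] ?? '');
    $url  = safe_comment_url($c['url'] ?? '');
    // An accepted URL is still encoded so a quote cannot close the attribute.
    $author = $url === null
        ? $name
        : '<a href="' . h($url) . '" rel="nofollow noopener">' . $name . '</a>';
    return '<div class="comment"><strong>' . $author . '</strong><p>'
        . nl2br(h($c['comment'] ?? '')) . '</p></div>';
}

// Constructed input mirroring the fields listed in the PoC section.
$comment = [
    'name'    => '<b>visitor</b>',
    'url'     => ' JaVaScRiPt:[code]',
    'comment' => "first line\n<i>second</i> line",
];
echo render_comment($comment), "\n";
```

With the constructed input, the markup in the name and comment is displayed as literal text and the author name is rendered without a link.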