Mywebland : Security Vulnerabilities, CVEs, (XSS)

CVE-2007-0353

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
Max CVSS
6.8
EPSS Score
3.29%
Published
2007-01-19
Updated
2018-10-16

CVE-2006-3903

CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
Max CVSS
5.8
EPSS Score
0.92%
Published
2006-07-27
Updated
2018-10-17

CVE-2006-2269

Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
Max CVSS
4.3
EPSS Score
0.32%
Published
2006-05-09
Updated
2018-10-18

CVE-2006-1908

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
2.6
EPSS Score
0.50%
Published
2006-04-20
Updated
2017-07-20

CVE-2006-1205

Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
Max CVSS
4.3
EPSS Score
1.83%
Published
2006-03-14
Updated
2018-10-18

CVE-2005-1498

Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
Max CVSS
4.3
EPSS Score
0.79%
Published
2005-05-11
Updated
2017-07-11

CVE-2005-1140

Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
Max CVSS
4.3
EPSS Score
0.14%
Published
2005-04-15
Updated
2008-09-05
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close