Mywebland : Security Vulnerabilities, CVEs, (XSS)
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
Max CVSS
6.8
EPSS Score
3.29%
Published
2007-01-19
Updated
2018-10-16
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
Max CVSS
5.8
EPSS Score
0.92%
Published
2006-07-27
Updated
2018-10-17
Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
Max CVSS
4.3
EPSS Score
0.32%
Published
2006-05-09
Updated
2018-10-18
Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
2.6
EPSS Score
0.50%
Published
2006-04-20
Updated
2017-07-20
Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php.
Max CVSS
4.3
EPSS Score
1.83%
Published
2006-03-14
Updated
2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
Max CVSS
4.3
EPSS Score
0.79%
Published
2005-05-11
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
Max CVSS
4.3
EPSS Score
0.14%
Published
2005-04-15
Updated
2008-09-05
7 vulnerabilities found