CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1865

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.0%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

http://marc.info/?l=bugtraq&m=108034226717745&w=2
http://securitytracker.com/id?1009564
http://www.osvdb.org/10510
http://www.securityfocus.com/bid/13397
https://exchange.xforce.ibmcloud.com/vulnerabilities/15635
http://marc.info/?l=bugtraq&m=108034226717745&w=2
http://securitytracker.com/id?1009564
http://www.osvdb.org/10510
http://www.securityfocus.com/bid/13397
https://exchange.xforce.ibmcloud.com/vulnerabilities/15635

Products affected by CVE-2004-1865

Bblog » Bblog » Version: 0.7.2

cpe:2.3:a:bblog:bblog:0.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1865

Products

Pricing

Contact Us