CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-0846

Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.3%

CVSS Severity

CVSS v2 Score 4.3

References

http://secunia.com/advisories/18923
http://securityreason.com/securityalert/522
http://www.evuln.com/vulns/82/summary.html
http://www.securityfocus.com/bid/16715
https://exchange.xforce.ibmcloud.com/vulnerabilities/24758
http://secunia.com/advisories/18923
http://securityreason.com/securityalert/522
http://www.evuln.com/vulns/82/summary.html
http://www.securityfocus.com/bid/16715
https://exchange.xforce.ibmcloud.com/vulnerabilities/24758

Products affected by CVE-2006-0846

Leif M. Wright » Web Blog » Version: 3.5

cpe:2.3:a:leif_m._wright:web_blog:3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0846

Products

Pricing

Contact Us