CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-2809

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.2%

CVSS Severity

CVSS v2 Score 6.8

References

http://securityreason.com/securityalert/1035
http://www.securityfocus.com/archive/1/435205/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26787
http://securityreason.com/securityalert/1035
http://www.securityfocus.com/archive/1/435205/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26787

Products affected by CVE-2006-2809

Ar-Blog » Ar-Blog » Version: 5.2

cpe:2.3:a:ar-blog:ar-blog:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2809

Products

Pricing

Contact Us