QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3025

Published: Aug 16, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20100805 XSS vulnerability in Open blog

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

openblog-users-xss(60942)

vdb-entry

x_refsource_XF

http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html

x_refsource_MISC

http://packetstormsecurity.org/1008-exploits/openblog-xssxsrf.txt

x_refsource_MISC

20100805 XSS vulnerability in Open Blog

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.