Vulnonym.com

CVE-2006-5975 - Excludable Fistfucked

Description

Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name (2) URL or (3) Comments field.

Reference

http://www.securityfocus.com/bid/21071 http://secunia.com/advisories/22902 http://securityreason.com/securityalert/1882 https://exchange.xforce.ibmcloud.com/vulnerabilities/30286 https://www.exploit-db.com/exploits/2781 http://www.securityfocus.com/archive/1/451563/100/0/threaded