Summary
This host is running BLOB Blog System and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to BLOB Blog System 1.2 or later.
http://sourceforge.net/projects/blobblogsystem/files/
Insight
This flaw is due to improper validation of user supplied data passed into the 'postid' parameter in the bpost.php.
Affected
BLOB Blog System prior to 1.2 on all platforms.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3594 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- Apache ActiveMQ Multiple Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache Continuum Cross Site Scripting Vulnerability