Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| My_blog | Fuzzymonkey | 1.0 (including) | 1.0 (including) |
| My_blog | Fuzzymonkey | 1.2 (including) | 1.2 (including) |
| My_blog | Fuzzymonkey | 1.3 (including) | 1.3 (including) |
| My_blog | Fuzzymonkey | 1.4 (including) | 1.4 (including) |
| My_blog | Fuzzymonkey | 1.5 (including) | 1.5 (including) |
| My_blog | Fuzzymonkey | 1.6 (including) | 1.6 (including) |
| My_blog | Fuzzymonkey | 1.21 (including) | 1.21 (including) |
| My_blog | Fuzzymonkey | 1.22 (including) | 1.22 (including) |
| My_blog | Fuzzymonkey | 1.23 (including) | 1.23 (including) |
| My_blog | Fuzzymonkey | 1.31 (including) | 1.31 (including) |
| My_blog | Fuzzymonkey | 1.51 (including) | 1.51 (including) |
| My_blog | Fuzzymonkey | 1.52 (including) | 1.52 (including) |
| My_blog | Fuzzymonkey | 1.61 (including) | 1.61 (including) |
| My_blog | Fuzzymonkey | 1.62 (including) | 1.62 (including) |
| My_blog | Fuzzymonkey | 1.63 (including) | 1.63 (including) |
| My_blog | Fuzzymonkey | 1.64 (including) | 1.64 (including) |
| Html-bbcode | M_blom | 1.03 (including) | 1.03 (including) |
| Html-bbcode | M_blom | 1.04 (including) | 1.04 (including) |