CVE-2006-3514 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.

Affected Software

Name	Vendor	Start Version	End Version
Php-blogger	Phpblogger	2.2.5 (including)	2.2.5 (including)

References

http://secunia.com/advisories/20989
http://securityreason.com/securityalert/1202
http://www.securityfocus.com/archive/1/439440/100/0/threaded
http://www.securityfocus.com/bid/18909
http://www.vupen.com/english/advisories/2006/2710
https://exchange.xforce.ibmcloud.com/vulnerabilities/27630
http://secunia.com/advisories/20989
http://securityreason.com/securityalert/1202
http://www.securityfocus.com/archive/1/439440/100/0/threaded
http://www.securityfocus.com/bid/18909
http://www.vupen.com/english/advisories/2006/2710
https://exchange.xforce.ibmcloud.com/vulnerabilities/27630

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3514
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html