MidnightBSD

Advisories for newtelligence

CVE-2004-1657 MEDIUM

Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
newtelligence dasblog 1.3
newtelligence dasblog 1.5
newtelligence dasblog 1.6
newtelligence dasblog 1.4
CVE-2014-7292 MEDIUM

Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
newtelligence dasblog 2.3
newtelligence dasblog 2.1
newtelligence dasblog 2.2