MidnightBSD

Advisories for pyblosxom

CVE-2006-0707 MEDIUM

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
pyblosxom pyblosxom 1.2.1
pyblosxom pyblosxom *
pyblosxom pyblosxom 1.3
CVE-2006-2880 MEDIUM

Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
pyblosxom pyblosxom 1.2.1
pyblosxom pyblosxom *