A-Blog CMS up to 2.8.64/2.9.26/2.10.23 cross site scripting

Summaryinfo

A vulnerability classified as problematic has been found in A-Blog CMS up to 2.8.64/2.9.26/2.10.23. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2019-6033. Remote exploitation of the attack is possible. No exploit is available.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in A-Blog CMS up to 2.8.64/2.9.26/2.10.23 (Blog Software). This issue affects some unknown processing. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is integrity. The summary by CVE is:

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

The weakness was published 12/26/2019. The identification of this vulnerability is CVE-2019-6033 since 01/10/2019. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entry is available at VDB-147756. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Blog Software

Name

• A-Blog CMS

Version

• 2.8.0
• 2.8.1
• 2.8.2
• 2.8.3
• 2.8.4
• 2.8.5
• 2.8.6
• 2.8.7
• 2.8.8
• 2.8.9
• 2.8.10
• 2.8.11
• 2.8.12
• 2.8.13
• 2.8.14
• 2.8.15
• 2.8.16
• 2.8.17
• 2.8.18
• 2.8.19
• 2.8.20
• 2.8.21
• 2.8.22
• 2.8.23
• 2.8.24
• 2.8.25
• 2.8.26
• 2.8.27
• 2.8.28
• 2.8.29
• 2.8.30
• 2.8.31
• 2.8.32
• 2.8.33
• 2.8.34
• 2.8.35
• 2.8.36
• 2.8.37
• 2.8.38
• 2.8.39
• 2.8.40
• 2.8.41
• 2.8.42
• 2.8.43
• 2.8.44
• 2.8.45
• 2.8.46
• 2.8.47
• 2.8.48
• 2.8.49
• 2.8.50
• 2.8.51
• 2.8.52
• 2.8.53
• 2.8.54
• 2.8.55
• 2.8.56
• 2.8.57
• 2.8.58
• 2.8.59
• 2.8.60
• 2.8.61
• 2.8.62
• 2.8.63
• 2.8.64
• 2.9.0
• 2.9.1
• 2.9.2
• 2.9.3
• 2.9.4
• 2.9.5
• 2.9.6
• 2.9.7
• 2.9.8
• 2.9.9
• 2.9.10
• 2.9.11
• 2.9.12
• 2.9.13
• 2.9.14
• 2.9.15
• 2.9.16
• 2.9.17
• 2.9.18
• 2.9.19
• 2.9.20
• 2.9.21
• 2.9.22
• 2.9.23
• 2.9.24
• 2.9.25
• 2.9.26
• 2.10.0
• 2.10.1
• 2.10.2
• 2.10.3
• 2.10.4
• 2.10.5
• 2.10.6
• 2.10.7
• 2.10.8
• 2.10.9
• 2.10.10
• 2.10.11
• 2.10.12
• 2.10.13
• 2.10.14
• 2.10.15
• 2.10.16
• 2.10.17
• 2.10.18
• 2.10.19
• 2.10.20
• 2.10.21
• 2.10.22
• 2.10.23

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion