CVE-2006-6925

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

Published: Jan 13, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-6925
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bitweaver / bitweaver	1.3	1.3.x
bitweaver / bitweaver	1.2.1	1.2.1.x
bitweaver / bitweaver	1.1	1.1.x
bitweaver / bitweaver	1.3.1	1.3.1.x
bitweaver / bitweaver	1.1.1_beta	1.1.1_beta.x

http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
http://secunia.com/advisories/22793
http://securityreason.com/securityalert/2144
http://www.securityfocus.com/bid/20988
http://www.securityfocus.com/bid/20996
http://www.vupen.com/english/advisories/2006/4485
https://exchange.xforce.ibmcloud.com/vulnerabilities/30167

Vulnerability Database

290,476

CVE-2006-6925