Blogn unspecified cross-site request forgery
| blogn-unspecified-csrf (44769) |  Medium Risk |
Description:
Blogn is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Platforms Affected:
- R-ONE Computer, Blogn 1.9.7
Remedy:
Upgrade to the latest version of Blogn (1.9.8 or later), available from the Blogn Web site. See References.
Consequences:
Gain Access
References:
- Blogn Advisory, August 29, 2008, Blogn (BURO GUN) and CSS vulnerability CSRF vulnerability has been identified. author : Staff(S) at http://www.blogn.org/index.php?e=172.
- Blogn Web site, BlognPlus at http://www.blogn.org/.
- JVN#84125369, Blogn vulnerable to cross-site request forgery at http://jvn.jp/en/jp/JVN84125369/index.html.
- CVE-2008-3885: Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) 1.9.7 and earlier allows remote attackers to make content modifications as arbitrary users via unspecified vectors. NOTE: some of these details are obtained from third party information.
- SA31662: Blogn Cross-Site Scripting and Cross-Site Request Forgery
Reported:
Aug 29, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net