bBlog vulnerable to cross-site request forgery


bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability (CWE-352).
CVSS Severity

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

Eaden McKee
  • bBlog


If a user views a malicious page while logged in, unintended operations may be performed.

[Do not use bBlog]
bBlog is no longer being developed or maintained. It is recommended to stop using bBlog.

The developer states that "DO NOT use this software in production. It is years out of date. It is here simply for historical purposes. There are known security issues."
Vendor Information

Eaden McKee
CWE

  1. Cross-Site Request Forgery (CWE-352) [IPA Evaluation]
CVE

  1. CVE-2015-0905

References

  1. JVN : JVN#71903938
  2. National Vulnerability Database (NVD) : CVE-2015-0905
Revision History

  • [2015/04/07]
      Web page was published
      References : Content was added