Unrated severityNVD Advisory· Published Sep 16, 2015· Updated Jun 17, 2026
CVE-2015-6966
CVE-2015-6966
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:nibbleblog:nibbleblog:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:nibbleblog:nibbleblog:*:*:*:*:*:*:*:*range: <=4.0.4
- (no CPE)range: <4.0.5
Patches
Vulnerability mechanics
References
3- blog.nibbleblog.com/post/nibbleblog-v4-0-5/nvdPatchVendor Advisory
- blog.curesec.com/article/blog/NibbleBlog-403-CSRF-46.htmlnvdExploit
- seclists.org/fulldisclosure/2015/Sep/4nvdExploit
News mentions
0No linked articles in our index yet.