Javier Bassi

**Name of the Vulnerable Software and Affected Versions** Post Revolution versions prior to 0.8.0c-2 **Description** The issue allows remote attackers to cause a denial of service, specifically an infinite loop, by providing malformed HTML markup. This can be achieved with a sequence such as `a<`. **Recommendations** For versions prior to 0.8.0c-2, update to version 0.8.0c-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Post Revolution versions prior to 0.8.0c-2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via attributes of various HTML elements, including `P`, `STRONG`, `A`, `EM`, `I`, `IMG`, `LI`, `OL`, `VIDEO`, and `BLOCKQUOTE`. **Recommendations** For versions prior to 0.8.0c-2, update to version 0.8.0c-2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Post Revolution versions 0.8.0c-2 and earlier **Description** The issue allows remote attackers to hijack the authentication of arbitrary users for requests to specific API endpoints, including "ajax-weblog-guardar.php", "verpost.php", "comments.php", and "perfil.php". **Recommendations** For Post Revolution versions 0.8.0c-2 and earlier, as a temporary workaround, consider restricting access to the affected API endpoints until a patch is available. Avoid using the affected endpoints in "ajax-weblog-guardar.php", "verpost.php", "comments.php", and "perfil.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.