Sikik

#30410 of 53,638
8.6 CVSS total
Vulnerabilities · 2
Medium: 2
PT-2006-2105
4.3
2006-03-09
B2Evolution · Evoblog · CVE-2006-1077
**Name of the Vulnerable Software and Affected Versions**
evoBlog (affected versions not specified)

**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the commentary of evoBlog. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `name` parameter and other unspecified parameters.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2005-4166
4.3
2005-10-29
Sparkleblog · Sparkleblog · CVE-2005-3367
**Name of the Vulnerable Software and Affected Versions**
SparkleBlog version 2.1

**Description**
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `name` field in the journal.php file.

**Recommendations**
For SparkleBlog version 2.1, consider restricting input to the `name` field in the journal.php file to prevent arbitrary web script or HTML injection until a patch is available.