CVE-2004-1865

Name of the Vulnerable Software and Affected Versions bBlog version 0.7.2

Description A cross-site scripting (XSS) issue exists in the administration panel, allowing remote authenticated users with superuser privileges to inject arbitrary web script or HTML via the blogname variable. This issue may not be considered a vulnerability if administrators are normally allowed to add HTML through other means.

Recommendations For bBlog version 0.7.2, consider restricting the ability to inject HTML via the blog name to prevent potential exploitation, or ensure that administrators are not allowed to add HTML through other means, thus minimizing the risk associated with this issue.