CVE-2006-0846

Name of the Vulnerable Software and Affected Versions Leif M. Wright's Blog version 3.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via the Referer and User-Agent HTTP headers. These headers are stored in a log file and are not sanitized when the administrator views the "Log" page. This could be related to the use of the ViewCommentsLog function.

Recommendations For Leif M. Wright's Blog version 3.5, consider sanitizing the Referer and User-Agent HTTP headers before storing them in the log file or viewing the "Log" page to prevent arbitrary web script or HTML injection. As a temporary workaround, restrict access to the "Log" page to minimize the risk of exploitation.