CVE-2006-2820

Name of the Vulnerable Software and Affected Versions HotWebScripts.com Weblog Oggi version 1.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML, possibly by using a javascript URI in the SRC attribute of an IMG element, via a comment.

Recommendations For version 1.0, consider disabling the comment feature until a patch is available to prevent exploitation of this issue. Restrict access to the SRC attribute of an IMG element to minimize the risk of arbitrary script injection.