CVE-2006-4829

Name of the Vulnerable Software and Affected Versions Blojsom versions 2.31

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters in a blog post, including the blog-category-description, blog-entry-title, rss-enclosure-url, technorati-tagsi, or blog-category-name parameter.

Recommendations For Blojsom version 2.31, avoid using the parameters blog-category-description, blog-entry-title, rss-enclosure-url, technorati-tagsi, or blog-category-name in blog posts until a fix is available. Consider restricting access to these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.