CVE-2007-2781

Name of the Vulnerable Software and Affected Versions WikyBlog versions prior to 1.4.13

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. The issue is related to a certain data2 array element in the include/sessionRegister.php file.

Recommendations For versions prior to 1.4.13, update to version 1.4.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the include/sessionRegister.php file until a patch is available. Avoid using the data2 array element in the affected file until the issue is resolved.