CVE-2009-4908

Name of the Vulnerable Software and Affected Versions oBlog (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via parameters such as commentName, commentEmail, commentWeb, or commentText to the "article.php" endpoint. Additionally, remote authenticated administrators can inject arbitrary web script or HTML via parameters like article id or title to the "admin/write.php" endpoint, category id or category name to the "admin/groups.php" endpoint, blogroll id or title to the "admin/blogroll.php" endpoint, or blog name or tag line to the "admin/settings.php" endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.