CVE-2011-5029

Name of the Vulnerable Software and Affected Versions Simple PHP Blog versions 0.7.0 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the entry parameter to "delete.php" or the category parameter to "index.php".

Recommendations For Simple PHP Blog versions 0.7.0 and earlier, consider disabling access to the "delete.php" and "index.php" scripts until a fix is available, or restrict the entry and category parameters to prevent malicious input.