CVE-2014-10007

Name of the Vulnerable Software and Affected Versions Maian Weblog versions 4.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the name, email, or subject parameter in a contact action to "index.php". This can lead to cross-site scripting (XSS) attacks.

Recommendations For Maian Weblog versions 4.0 and earlier, as a temporary workaround, consider restricting access to the contact action in index.php until a patch is available. Avoid using the parameters name, email, or subject in the affected contact action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.