Ahsan Aziz

**Name of the Vulnerable Software and Affected Versions** BlogEngine.NET version 3.3.8.0 **Description** A stored Cross-site Scripting (XSS) issue allows the injection of arbitrary JavaScript in the security context of a blog visitor through the upload of a specially crafted file. **Recommendations** For BlogEngine.NET version 3.3.8.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BlogEngine.NET version 3.3.8.0 **Description** A stored Cross-site Scripting (XSS) vulnerability allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. Additionally, an Improper Access Control vulnerability allows unauthenticated visitors to access the files of unpublished blogs. **Recommendations** For BlogEngine.NET version 3.3.8.0, as a temporary workaround, consider restricting access to blog posts until a patch is available. Avoid using the blog post feature in BlogEngine.NET until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.