Ali202

**Name of the Vulnerable Software and Affected Versions** Foojan PHP Weblog (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `Referer` field in the HTTP header in files such as `index.php` or `admin.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foojan PHP Weblog (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved via a direct request to "/daylinks/index.php" or by providing a negative value in the `daylinkspage` parameter to "index.php", which reveals the path in an error message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.