CVE-2007-0798

Name of the Vulnerable Software and Affected Versions Ublog Reload version 1.0.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to certain API endpoints, such as "login.asp". Additionally, remote authenticated users can inject arbitrary web script or HTML via unspecified parameters to "badword.asp", "polls.asp", and "users.asp" endpoints.

Recommendations For Ublog Reload version 1.0.5, consider disabling access to the "login.asp", "badword.asp", "polls.asp", and "users.asp" endpoints until a patch is available. Restrict user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.