CVE-2007-3888

Name of the Vulnerable Software and Affected Versions: Insanely Simple Blog versions 0.5 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially related to the term parameter to "index.php" in the search action, or via an anonymous blog entry involving the posted by, subject, and content parameters to "index.php". This can be demonstrated using the onmouseover attribute of certain elements.

Recommendations: For Insanely Simple Blog versions 0.5 and earlier, consider disabling the search action and anonymous blog entry features until a fix is available. Restrict access to the index.php file to minimize the risk of exploitation. Avoid using the term, posted by, subject, and content parameters in the affected API endpoint until the issue is resolved.