CVE-2008-2200

Name of the Vulnerable Software and Affected Versions: Maian Weblog version 4.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several parameters, including the keywords parameter to "admin/index.php" in a blogs search action, the msg charset and msg header9 parameters to "admin/inc/header.php", and the keywords parameter to "index.php" in a search action.

Recommendations: For Maian Weblog version 4.0, consider restricting access to the affected parameters, such as keywords, msg charset, and msg header9, until a patch is available. As a temporary workaround, avoid using these parameters in the specified API endpoints, such as "admin/index.php" and "index.php", to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.