CVE-2010-0754

Name of the Vulnerable Software and Affected Versions WikyBlog versions 1.7.2 through 1.7.3 rc2

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the which parameter in a copy action in the index.php/Special/Main/Templates component.

Recommendations For WikyBlog versions 1.7.2 through 1.7.3 rc2, avoid using the which parameter in copy actions until a fix is available. As a temporary workaround, consider restricting access to the index.php/Special/Main/Templates component to minimize the risk of exploitation.