CVE-2010-2437

Name of the Vulnerable Software and Affected Versions AneCMS Blog versions 1.3 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the comment variable to the "modules/blog/index.php" endpoint.

Recommendations For AneCMS Blog versions 1.3 and earlier, as a temporary workaround, consider validating and sanitizing the comment variable to prevent injection of malicious scripts. Restrict access to the "modules/blog/index.php" endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.