Name of the Vulnerable Software and Affected Versions:

mblog versions up to 3.5.0

Description:

A flaw has been found in mblog that allows for cross site scripting. The issue is caused by the manipulation of the `kw` argument in the `/search` file. The attack can be initiated remotely. The exploit has been published.

Recommendations:

Versions prior to 3.5.1 are affected.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.