BLOG:CMS Comments Script Insertion Vulnerability

Francois Ropert has discovered a vulnerability in BLOG:CMS, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the body when editing a comment is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user’s browser session in context of an affected site when a malicious comment is viewed.

The vulnerability is confirmed in version 4.2.1.c. Other versions may also be affected

Recent comments

Blog comments powered by Disqus