Vulnerabilities (CVE)

Filtered by vendor Bblog Subscribe
Filtered by product Bblog
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1865 1 Bblog 1 Bblog 2024-11-20 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.