CVE-2009-3594

Description

Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter.

Affected products

• blob / blog_system1.0 – 1.0
• blob / blog_system1.1 – 1.1
• blob / blog_system1.1.1 – 1.1.1

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/35938
• MISChttp://www.osvdb.org/56261
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/51959
• MISChttp://blob.yewipeya.net/bpost.php?postid=0008