Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the Log page, possibly using the ViewCommentsLog function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Web_blog | Leif_m._wright | 3.5 (including) | 3.5 (including) |