Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mvblog | Michiel_van_baak | 1.2 | 1.2 |
Mvblog | Michiel_van_baak | 1.5 | 1.5 |
Mvblog | Michiel_van_baak | 1.1 | 1.1 |
Mvblog | Michiel_van_baak | 1.3 | 1.3 |
Mvblog | Michiel_van_baak | 1.0 | 1.0 |