0.001 Low
EPSS
Percentile
23.3%
The blog author parameter is unsanitized on the page admin.php?p=config. In this way is possible to inject arbitrary javascript code
"><script>alert(document.domain)</script>