If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text.
If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers (including weblog administrator) issued by Hyper NIKKI System.
An attacker could impersonate a user by stealing the cookie information.
It is affected only when webif is used in the direct mode