2 matches found
sBlog 0.7.2 comments_do.php Multiple Variable POST Method XSS
No description provided by source. Source: http://www.securityfocus.com/bid/17044/info
sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php...