CVE-2007-5072

Multiple cross-site scripting XSS vulnerabilities in Simple PHP Blog SPHPBlog before 0.5.1, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain usercolors array parameters to certain userstyle.php files under themes/, as demonstrated by the...