CVE-2004-1865 Information

Description

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means e.g. through Smarty templates then this issue would not give any additional privileges and thus would not be considered a vulnerability.

Reference

http://marc.info/?l=bugtraq&m=108034226717745&w=2 http://securitytracker.com/id?1009564 http://www.osvdb.org/10510 http://www.securityfocus.com/bid/13397 https://exchange.xforce.ibmcloud.com/vulnerabilities/15635