BlogPHP Multiple HTML Injection, Cross-Site Scripting and Cookie Manipulation Vulnerabilities

BlogPHP Multiple HTML Injection, Cross-Site Scripting and Cookie Manipulation Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting user to follow a malicious URI.

The following proof of concept for the cross-site scripting issue is available:

http://www.example.com/index.php?act=sendmessage&user=admin[XSS]