Security Advisory

CVE-2017-14957

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-01 15:00:00

Last updated 2024-08-05 19:42:22

Assigner mitre

State PUBLISHED

Description

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.

← Browse all CVEs View on cve.org ↗