> Zoomblog is prone to HTML injection attacks. It is possible for a > malicious Zoomblog user to inject hostile HTML and script code into > the commentary via form fields. This bug was corrected on Nov.4th.Also, the "Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability" was corrected on Nov.5th.
Regards, Rogelio http://www.zoomblog.com/