evoBlog Remote Name tag Script injection
DESCRIPTION
evoBlog is prone to HTML injection attacks. It is possible for a malicious
evoBlog user to inject hostile HTML and script code into the commentary via
form fields. This code may be rendered in the browser of a web user who views
the commentary of evoBlog.
evoBlog does not adequately filter HTML tags from various fields. This may
enable an attacker to inject arbitrary script code into pages that are
generated by the evoBlog.
All versions are vulnerable.
EXPLOIT
Write and HTML script for example: <script>alert('test')</script> in the name
tag.
HOMEPAGE
http://www.ajaxreview.com/