FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability
FTPoed is prone to HTML injection attacks. It is possible for a malicious
FTPoed user to inject hostile HTML code into the commentary via form fields.
This code may be rendered in the browser of a web user who views the commentary
of FTPoed.
FTPoed does not adequately filter HTML tags from various fields. This may
enable an attacker to inject arbitrary script code into pages that are
generated by the FTPoed
EXPLOIT
Write <script>alert('test')</script> in the body of a message.
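
The missing output filtering described above, shown beside a corrected form as an added example. This is not FTPoed's code; the field names (author, title, body) and the render functions are hypothetical.

```javascript
// Added example: hypothetical comment renderer, not FTPoed source code.
// Field names (author, title, body) are assumptions for illustration.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour the advisory describes: fields are copied into the page as-is.
function renderCommentUnsafe(c) {
  return `<div class="comment"><h4>${c.title}</h4>` +
         `<span class="author">${c.author}</span><p>${c.body}</p></div>`;
}

// Hardened form: every user-controlled field is encoded on output.
function renderCommentSafe(c) {
  return `<div class="comment"><h4>${escapeHtml(c.title)}</h4>` +
         `<span class="author">${escapeHtml(c.author)}</span>` +
         `<p>${escapeHtml(c.body)}</p></div>`;
}

// Constructed sample input using the test string from the advisory.
const sample = {
  author: "visitor",
  title: "hello & welcome",
  body: "<script>alert('test')</script>",
};

// Regression check: true if rendered output still carries a live script tag.
function hasLiveScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

console.log("unsafe output has live tag:", hasLiveScriptTag(renderCommentUnsafe(sample)));
console.log("safe output has live tag:  ", hasLiveScriptTag(renderCommentSafe(sample)));
console.log(renderCommentSafe(sample));
```

Encoding on output covers every field that reaches the page, which matters here because the advisory reports more than one unfiltered field.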