Weblog Oggi v1.0 Homepage: http://www.hotwebscripts.com/index.php User input isn't sanatized before being dynamically generated. For proof of concept just put <IMG SRC="javascript:alert('XSS');"> in as a comment