Can you be more specific? I tested this vulnerability on Oblog v4.5 with the following XSS string: <script>alert("xss")</script> Both the angle brackets and quotes were filtered, so I don't believe that this version is vulnerable to the problem you describe. Can you tell us what version you tested?