ACS Blog 0.8/0.9/1.0/1.1 - 'Name' HTML Injection

Author: Dan Crowley
type: webapps
platform: asp
port: 
date_added: 2005-03-28 
date_updated: 2013-05-08 
verified: 1 
codes: CVE-2005-0945;OSVDB-15087 
tags: 
aliases:  
screenshot_url:  
application_url:

source: https://www.securityfocus.com/bid/12921/info

ACS Blog is affected by an HTML injection vulnerability.

The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page.

Name: &lt;script&gt;alert("xss");&lt;/script&gt;