Stored cross-site scripting in BlogEngine.NET version

Discovered by Ahsan Aziz on behalf of The Missing Link Security

Vulnerability Details

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.

Affected Versions

Discovered in:

Latest News