Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a blog comment.
ar-blog ar-blog