Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote malicious users to inject arbitrary web script or HTML via the words parameter.
a-blog a-blog 2