OneBlog v2.3.4 exists to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.