OneBlog v2.3.4 exists to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
zhyd oneblog 2.3.4