Medium severity4.8NVD Advisory· Published Mar 26, 2004· Updated Jun 16, 2026
CVE-2004-1865
CVE-2004-1865
Description
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
5- marc.infonvdExploitIssue TrackingThird Party Advisory
- securitytracker.com/idnvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/13397nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/15635nvdThird Party AdvisoryVDB Entry
- www.osvdb.org/10510nvdBroken Link
News mentions
0No linked articles in our index yet.