VYPR
Medium severity6.1NVD Advisory· Published Oct 2, 2017· Updated Jun 17, 2026

CVE-2017-14957

CVE-2017-14957

Description

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:blogotext_project:blogotext:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:blogotext_project:blogotext:*:*:*:*:*:*:*:*range: <=3.7.5
    • (no CPE)range: <3.7.6

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.