CVE-2017-17792

Vulnerability

The XSS vulnerability exists in the markup_clean_href function in inc/conv.php in BlogoText through version 3.7.6. The function does not properly sanitize user-supplied URLs in comments, allowing malicious JavaScript to be injected. The issue was reported in [1] and fixed in commit 7c6f74e [2].

Exploitation

An attacker can exploit this by posting a comment containing a crafted URL that includes JavaScript code. No authentication is required beyond the ability to post comments (typically any visitor if comments are open). The injected script would execute in the context of any user viewing the comment.

Impact

Successful exploitation leads to stored cross-site scripting (XSS), enabling the attacker to execute arbitrary JavaScript in the browsers of visitors. This could lead to session hijacking, defacement, or theft of sensitive information. The privilege level is that of the victim's browser context.

Mitigation

The fix was committed on 2017-12-19 [2]. The patched version should be BlogoText 3.7.7 or later. Users are advised to update to the latest version. As a workaround, consider disabling comments or using a web application firewall to filter XSS payloads.