FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability

[sikik () bsdmail org]

FTPoed is prone to HTML injection attacks. It is possible for a malicious FTPoed user to inject hostile HTML code into 
the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of 
FTPoed.
FTPoed does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script 
code into pages that are generated by the FTPoed 


EXPLOIT
Write <script>alert('test')</script> in a body of a message.