CVE-2014-8996

Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.php.

Date published : 2014-11-20

http://www.securityfocus.com/bid/71111

http://blog.nibbleblog.com/post/nibbleblog-v4.0.2-coffee/