Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.

By admin