Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
Easy Blog Site 1.0: Malicious code can be injected into blog posts
CVE-2026-5806
Summary
A security vulnerability in Easy Blog Site 1.0 allows attackers to inject malicious code into blog posts. This can happen when a user submits a post title with malicious code, potentially compromising the site's security. To protect your site, update to the latest version of Easy Blog Site.
Original title
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to c...
Original description
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
4.0
nvd CVSS3.1
3.5
nvd CVSS4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026