Hi,

last week i found a Cross-Site Scripting vulnerability in dasBlog that allows to inject script code in certain administrative pages and to “steal” the administrative cookie.

I will post a detailed advisory later this week.

for now – if you use dasBlog get the patch and installations instructions here. ASAP.

Spread the word!