last week i found a Cross-Site Scripting vulnerability in dasBlog that allows to inject script code in certain administrative pages and to “steal” the administrative cookie.
I will post a detailed advisory later this week.
for now – if you use dasBlog get the patch and installations instructions here. ASAP.
Spread the word!