SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)

[sikikmail () gmail com]

SparkleBlog is prone to HTMl injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML 
script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the 
commentary of SparkleBlog.
SparkleBlog does not adequately filter HTMl tags from various fields. This may enable an attacker to inject arbitrary 
script code into pages that are generated by SparkleBlog 
example:
put <script>alert('test')</script> in the "name:" tag in http://localhost/journal.php?id=1

SparkleBlog home page: http://www.creamed-coconut.org/