Post Revolution Multiple HTML Injection and Denial of Service Vulnerabilities
The information has been provided by Javier Bassi.
The original article can be found at: http://www.securityfocus.com/bid/47967
* Post Revolution PostRev 0.8.0c
* Post Revolution PostRev 0.8.0c-2
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The vendor has released an update and an advisory.
Initial Release: Jun 01 2011