ChipmunkBlogger improper input sanitizing Discovered by: Nomenumbra Date: 6/4/2006 impact:moderate (privilege escalation,possible defacement) Posts (potentially made by lower-privilege members) and profile names aren't properly sanitized, thus resulting in being vulnerable to the following kind of XSS injection: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> The photo gallery input isn't sanitized either, by giving the following input as an url we have a nice XSS attack: javascript:alert(%27xss%27) Nomenumbra/[0x4F4C]