Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
osvdb.org/35374
secunia.com/advisories/25616
securityreason.com/securityalert/2797
www.securityfocus.com/archive/1/471046/100/0/threaded
www.securityfocus.com/archive/1/494549/100/0/threaded
www.securityfocus.com/bid/24409
www.securityfocus.com/bid/30309
www.secvsn.com/content/Advisories/sr-060607-maran.html
www.vupen.com/english/advisories/2007/2148
exchange.xforce.ibmcloud.com/vulnerabilities/34812