EPSS Percentile: 25.6%
The blog author parameter is not sanitized on the page admin.php?p=config, which makes it possible to inject arbitrary JavaScript code:
"><script>alert(document.domain)</script>
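The fix for this class of bug, as an added example that is not the application's own code: it assumes the stored author value is echoed into an HTML attribute on the config page, which the leading `">` of the payload suggests. All function and field names are hypothetical.

```php
<?php
// Added example with hypothetical names; not the application's real code.

// Constructed sample input: the payload quoted in the advisory text.
$author = '"><script>alert(document.domain)</script>';

// Vulnerable pattern: the value is concatenated into the attribute as-is,
// so a double quote closes value="..." and the rest is parsed as markup.
function render_author_unsafe(string $author): string
{
    return '<input type="text" name="author" value="' . $author . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_author_safe(string $author): string
{
    $encoded = htmlspecialchars($author, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="author" value="' . $encoded . '">';
}

// Defence in depth when the setting is saved: accept only characters a
// display name needs (assumed policy: letters, digits, space and . , ' _ -,
// at most 64 characters). This complements output encoding, it does not
// replace it.
function validate_author(string $author): bool
{
    return preg_match('/^[\p{L}\p{N} .,\'_-]{1,64}$/u', $author) === 1;
}

echo render_author_unsafe($author), PHP_EOL;  // script element survives
echo render_author_safe($author), PHP_EOL;    // rendered as inert text
var_dump(validate_author($author));           // rejected on save
var_dump(validate_author('Jane Doe'));        // accepted on save
```

Encoding at output matters more than the save-time check, because values already stored before the fix are still rendered through the same template.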