CVE-2010-0754 in WikyBlog
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/01/2026
The vulnerability identified as CVE-2010-0754 represents a cross-site scripting weakness in the WikyBlog content management system version 1.7.2 and 1.7.3 rc2. This flaw specifically affects the index.php/Special/Main/Templates component and occurs during copy operations when processing user-supplied input through the which parameter. The vulnerability falls under the CWE-79 category of Cross-Site Scripting, which is a critical web application security flaw that enables attackers to inject malicious scripts into web pages viewed by other users. The attack vector leverages the copy functionality within the special main templates module, making it particularly dangerous as it can be exploited during routine administrative or user operations.
The technical implementation of this vulnerability stems from insufficient input validation and output encoding within the WikyBlog application's template handling system. When a user performs a copy action on templates, the application fails to properly sanitize the which parameter value before incorporating it into the web response. This lack of proper input sanitization allows malicious actors to inject arbitrary HTML or JavaScript code that gets executed in the context of other users' browsers. The vulnerability is particularly concerning because it operates within the administrative or template management interface, potentially enabling attackers to escalate privileges or execute arbitrary code within the application's context.
The operational impact of this vulnerability extends beyond simple script injection, as it can facilitate more sophisticated attacks within the web application environment. Attackers could leverage this XSS flaw to steal session cookies, redirect users to malicious sites, or inject persistent scripts that compromise user accounts. The vulnerability affects the core functionality of WikyBlog's template management system, potentially allowing unauthorized modifications to the application's presentation layer. Given that this affects versions 1.7.2 and 1.7.3 rc2, organizations using these specific releases face significant risk, particularly in environments where multiple users interact with the template system or where administrative privileges are granted to untrusted users.
Mitigation strategies for CVE-2010-0754 should prioritize immediate patching of affected WikyBlog installations to version 1.7.3 or later, which contains the necessary fixes for the XSS vulnerability. Organizations should implement comprehensive input validation and output encoding mechanisms throughout the application, particularly for parameters used in copy operations and template handling. The remediation process must include proper sanitization of all user-supplied input before processing, with special attention to parameters like which that are used in template operations. Security teams should also consider implementing content security policies to limit script execution and monitor for suspicious template manipulation activities. Additionally, the vulnerability aligns with ATT&CK technique T1566.001 for credential access through social engineering and T1059.007 for script injection, making it a critical target for both defensive and offensive security operations. The fix should include proper HTML escaping of template parameters and validation of all input to prevent malicious code execution within the application's template system.