Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 81.9%