yes the journal is exploitable aswell
there seem to be no filters on the journal title so you can simply put:
"><script>alert('XSS')</script>
also the other places where you can update your journal etc. don't filter
anything
proof:
http://vampirefreaks.com/journal.php?u=NanoyMaster
