Enviar #623480: ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSSinformación

TítuloZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS
DescripciónThis XSS vulnerability is different from the previously disclosed CVE-2023-29639 (blog article content) and CVE-2023-29636(blog article tile). This vulnerability occurs when adding blog categories, where the backend implementation lacks strict input validation, allowing XSS payloads to be inserted into the database. The frontend and backend output pages also lack proper encoding, leading to Stored XSS attacks. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding blog category names containing malicious code.
Fuente⚠️ https://github.com/ZHENFENG13/My-Blog/issues/146
Usuario
 ZAST.AI (UID 87884)
Sumisión2025-07-26 18:27 (hace 9 meses)
Moderación2025-08-08 10:35 (13 days later)
EstadoAceptado
Entrada de VulDB319236 [zhenfeng13 My-Blog hasta 1.0.0 Category /admin/categories/save categoryName secuencias de comandos en sitios cruzados]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!