Soumettre #634153: mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSSinformation

Titremtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS
DescriptionThe /post/submit endpoint is used for publishing blog posts, the user-controlled article content parameter has no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities.
La source⚠️ https://gitee.com/mtons/mblog/issues/ICPMLJ
Utilisateur
 ZAST.AI (UID 87884)
Soumission14/08/2025 06:00 (il y a 11 mois)
Modérer25/08/2025 11:36 (11 days later)
StatutAccepté
Entrée VulDB321270 [mtons mblog jusqu’à 3.5.0 Post /post/submit content/title/ cross site scripting]
Points18

Do you want to use VulDB in your project?

Use the official API to access entries easily!