Soumettre #634155: mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSSinformation

Titremtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS
DescriptionThe /post/submit endpoint is used for publishing blog posts, the user-controlled article title parameter have no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities.
La source⚠️ https://gitee.com/mtons/mblog/issues/ICPMLW
Utilisateur
 ZAST.AI (UID 87884)
Soumission14/08/2025 06:01 (il y a 11 mois)
Modérer25/08/2025 11:38 (11 days later)
StatutDupliqué
Entrée VulDB321270 [mtons mblog jusqu’à 3.5.0 Post /post/submit content/title/ cross site scripting]
Points0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!