My-Blog <=1.0.0 Stored XSSजानकारी

शीर्षक	ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS
विवरण	The endpoint /admin/blog/save does not perform strict validation on user-controlled input, thus allowing attackers to insert malicious code into the database. When outputting content at the endpoint /admin/tags, no encoding is performed either, resulting in a stored XSS vulnerability. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding tag names containing malicious code.
स्रोत	⚠️ https://github.com/ZHENFENG13/My-Blog/issues/148
उपयोगकर्ता	ZAST.AI (UID 87884)
सबमिशन	04/08/2025 09:06 AM (9 महीनों पहले)
संयम	17/08/2025 04:05 PM (13 days later)
स्थिति	प्रतिलिपि
VulDB प्रविष्टि	227812 [zhenfeng13 My-Blog Blog Management Page शीर्षक क्रॉस साइट स्क्रिप्टिंग]
अंक	0

Interested in the pricing of exploits?

See the underground prices here!