Invia #634156: mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSSinformazioni

Titolomtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS
DescrizioneThe /admin/options/update endpoint is used for setting site information and related configurations, all user-controlled input parameters have no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities.
Fonte⚠️ https://gitee.com/mtons/mblog/issues/ICPMMF
Utente
 ZAST.AI (UID 87884)
Sottomissione14/08/2025 06:02 (11 mesi fa)
Moderazione25/08/2025 11:40 (11 days later)
StatoAccettato
Voce VulDB321271 [mtons mblog fino a 3.5.0 /admin/options/update input cross site scripting]
Punti17

Do you want to use VulDB in your project?

Use the official API to access entries easily!