| タイトル | ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS |
|---|
| 説明 | This XSS vulnerability is different from the previously disclosed CVE-2023-29639 (blog article content) and CVE-2023-29636(blog article tile). This vulnerability occurs when adding blog categories, where the backend implementation lacks strict input validation, allowing XSS payloads to be inserted into the database. The frontend and backend output pages also lack proper encoding, leading to Stored XSS attacks. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding blog category names containing malicious code. |
|---|
| ソース | ⚠️ https://github.com/ZHENFENG13/My-Blog/issues/146 |
|---|
| ユーザー | ZAST.AI (UID 87884) |
|---|
| 送信 | 2025年07月26日 18:27 (9 月 ago) |
|---|
| モデレーション | 2025年08月08日 10:35 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 319236 [zhenfeng13 My-Blog 迄 1.0.0 Category /admin/categories/save categoryName クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|