My-Blog <=1.0.0 Stored XSS정보

제목	ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS
설명	This XSS vulnerability is different from the previously disclosed CVE-2023-29639 (blog article content) and CVE-2023-29636(blog article tile). This vulnerability occurs when adding blog categories, where the backend implementation lacks strict input validation, allowing XSS payloads to be inserted into the database. The frontend and backend output pages also lack proper encoding, leading to Stored XSS attacks. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding blog category names containing malicious code.
원천	⚠️ https://github.com/ZHENFENG13/My-Blog/issues/146
사용자	ZAST.AI (UID 87884)
제출	2025. 07. 26. PM 06:27 (9 개월 ago)
모더레이션	2025. 08. 08. AM 10:35 (13 days later)
상태	수락
VulDB 항목	319236 [zhenfeng13 My-Blog 까지 1.0.0 Category /admin/categories/save categoryName 크로스 사이트 스크립팅]
포인트들	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!