Submeter #623480: ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSSinformação

TítuloZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS
DescriçãoThis XSS vulnerability is different from the previously disclosed CVE-2023-29639 (blog article content) and CVE-2023-29636(blog article tile). This vulnerability occurs when adding blog categories, where the backend implementation lacks strict input validation, allowing XSS payloads to be inserted into the database. The frontend and backend output pages also lack proper encoding, leading to Stored XSS attacks. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding blog category names containing malicious code.
Fonte⚠️ https://github.com/ZHENFENG13/My-Blog/issues/146
Utilizador
 ZAST.AI (UID 87884)
Submissão26/07/2025 18h27 (há 9 meses)
Moderação08/08/2025 10h35 (13 days later)
EstadoAceite
Entrada VulDB319236 [zhenfeng13 My-Blog até 1.0.0 Category /admin/categories/save categoryName Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!