Submeter #634156: mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSSinformação

Títulomtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS
DescriçãoThe /admin/options/update endpoint is used for setting site information and related configurations, all user-controlled input parameters have no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities.
Fonte⚠️ https://gitee.com/mtons/mblog/issues/ICPMMF
Utilizador
 ZAST.AI (UID 87884)
Submissão14/08/2025 06h02 (há 11 meses)
Moderação25/08/2025 11h40 (11 days later)
EstadoAceite
Entrada VulDB321271 [mtons mblog até 3.5.0 /admin/options/update input Script de Site Cruzado]
Pontos17

Do you know our Splunk app?

Download it now for free!