Отправить #634156: mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSSИнформация

Названиеmtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS
ОписаниеThe /admin/options/update endpoint is used for setting site information and related configurations, all user-controlled input parameters have no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities.
Источник⚠️ https://gitee.com/mtons/mblog/issues/ICPMMF
Пользователь
 ZAST.AI (UID 87884)
Представление14.08.2025 06:02 (11 месяцы назад)
Модерация25.08.2025 11:40 (11 days later)
Статуспринято
Запись VulDB321271 [mtons mblog до 3.5.0 /admin/options/update input межсайтовый скриптинг]
Баллы17

Do you need the next level of professionalism?

Upgrade your account now!