Отправить #634157: mtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSSИнформация

Названиеmtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSS
ОписаниеThe /search endpoint is used for frontend article search, the user-controlled kw parameter has no security checks, and the output has no encoding processing, thus creating reflected XSS vulnerabilities.
Источник⚠️ https://gitee.com/mtons/mblog/issues/ICPMML
Пользователь
 ZAST.AI (UID 87884)
Представление14.08.2025 06:04 (11 месяцы назад)
Модерация25.08.2025 11:40 (11 days later)
Статуспринято
Запись VulDB321272 [mtons mblog до 3.5.0 /search kw межсайтовый скриптинг]
Баллы17

Do you want to use VulDB in your project?

Use the official API to access entries easily!