| Title | mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS |
|---|
| Description | The /settings/profile endpoint is used for editing user profile information, the user-controlled bio content parameter has no security checks, and has no encoding processing during output, thus creating stored XSS vulnerabilities. |
|---|
| Source | ⚠️ https://gitee.com/mtons/mblog/issues/ICPML3 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 08/13/2025 14:06 (8 months ago) |
|---|
| Moderation | 08/25/2025 08:18 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 321245 [mtons mblog up to 3.5.0 /settings/profile signature cross site scripting] |
|---|
| Points | 17 |
|---|