mblog <=3.5.0 Reflected XSSinfo

Title	mtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSS
Description	The /search endpoint is used for frontend article search, the user-controlled kw parameter has no security checks, and the output has no encoding processing, thus creating reflected XSS vulnerabilities.
Source	⚠️ https://gitee.com/mtons/mblog/issues/ICPMML
User	ZAST.AI (UID 87884)
Submission	08/14/2025 06:04 (8 months ago)
Moderation	08/25/2025 11:40 (11 days later)
Status	Accepted
VulDB entry	321272 [mtons mblog up to 3.5.0 /search kw cross site scripting]
Points	17

Want to know what is going to be exploited?

We predict KEV entries!