| 标题 | mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS |
|---|
| 描述 | The /post/submit endpoint is used for publishing blog posts, the user-controlled article title parameter have no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities. |
|---|
| 来源 | ⚠️ https://gitee.com/mtons/mblog/issues/ICPMLW |
|---|
| 用户 | ZAST.AI (UID 87884) |
|---|
| 提交 | 2025-08-14 06時01分 (11 月前) |
|---|
| 管理 | 2025-08-25 11時38分 (11 days later) |
|---|
| 状态 | 重复 |
|---|
| VulDB条目 | 321270 [mtons mblog 直到 3.5.0 Post /post/submit content/title/ 跨网站脚本] |
|---|
| 积分 | 0 |
|---|