| 标题 | mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS |
|---|
| 描述 | The /admin/options/update endpoint is used for setting site information and related configurations, all user-controlled input parameters have no security checks, and output pages in multiple places on the frontend and admin panel have no encoding processing, thus creating stored XSS vulnerabilities. |
|---|
| 来源 | ⚠️ https://gitee.com/mtons/mblog/issues/ICPMMF |
|---|
| 用户 | ZAST.AI (UID 87884) |
|---|
| 提交 | 2025-08-14 06時02分 (11 月前) |
|---|
| 管理 | 2025-08-25 11時40分 (11 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 321271 [mtons mblog 直到 3.5.0 /admin/options/update input 跨网站脚本] |
|---|
| 积分 | 17 |
|---|