提交 #634157: mtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSS信息

标题mtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSS
描述The /search endpoint is used for frontend article search, the user-controlled kw parameter has no security checks, and the output has no encoding processing, thus creating reflected XSS vulnerabilities.
来源⚠️ https://gitee.com/mtons/mblog/issues/ICPMML
用户
 ZAST.AI (UID 87884)
提交2025-08-14 06時04分 (11 月前)
管理2025-08-25 11時40分 (11 days later)
状态已接受
VulDB条目321272 [mtons mblog 直到 3.5.0 /search kw 跨网站脚本]
积分17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!