提交 #634157: mtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSS
| 标题 | mtons https://gitee.com/mtons/mblog <=3.5.0 Reflected XSS |
|---|---|
| 描述 | The /search endpoint is used for frontend article search, the user-controlled kw parameter has no security checks, and the output has no encoding processing, thus creating reflected XSS vulnerabilities. |
| 来源 | ⚠️ https:/ |
| 用户 | ZAST.AI (UID 87884) |
| 提交 | 2025-08-14 06時04分 (11 月前) |
| 管理 | 2025-08-25 11時40分 (11 days later) |
| 状态 | 已接受 |
| VulDB条目 | 321272 [mtons mblog 直到 3.5.0 /search kw 跨网站脚本] |
| 积分 | 17 |