exploitDog

GHSA-w96p-mhjx-9hhq

Опубликовано: 01 мая 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.

Ссылки

EPSS

Процентиль: 63%

0.00452

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-29636

CVSS3: 5.4

nvd

почти 3 года назад

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.

EPSS

Процентиль: 63%

0.00452

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79