exploitDog

CVE-2023-29639

Опубликовано: 01 мая 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.

Ссылки

https://github.com/ZHENFENG13/My-Blog/issues/131
Exploit
Issue Tracking
Vendor Advisory
https://github.com/ZHENFENG13/My-Blog/issues/131
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zhenfeng13:my_blog:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00421

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-22hr-pvw9-gcpj

CVSS3: 5.4

github

почти 3 года назад

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.

EPSS

Процентиль: 61%

0.00421

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79