Описание
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.
Ссылки
- ExploitIssue TrackingVendor Advisory
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:zhenfeng13_my-blog_project:zhenfeng13_my-blog:-:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00421
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 2 лет назад
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.
EPSS
Процентиль: 61%
0.00421
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79