Cross Site Scripting Vulnerability in My-Blog by ZHENFENG13
CVE-2023-29639

5.4MEDIUM

Key Information:

Vendor: Zhenfeng13 My-blog Project
Status: Zhenfeng13 My-blog
Vendor: CVE Published:; 1 May 2023

Summary

A Cross Site Scripting (XSS) vulnerability exists in the My-Blog software developed by ZHENFENG13. This flaw enables attackers to inject arbitrary web scripts or HTML into the 'blog article' page when editing an article. The issue arises from the default configuration that does not invoke the MyBlogUtils.cleanString method, leaving it susceptible to malicious input that could be executed in the context of a user's session.

References

https://github.com/ZHENFENG13/My-Blog/issues/131

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 1, 2023
Vulnerability Reserved
Apr 7, 2023