My-Blog <=1.0.0 Stored XSSbayani

Kura	ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS
Gaskiya	This XSS vulnerability is different from the previously disclosed CVE-2023-29639 (blog article content) and CVE-2023-29636(blog article tile). This vulnerability occurs when adding blog categories, where the backend implementation lacks strict input validation, allowing XSS payloads to be inserted into the database. The frontend and backend output pages also lack proper encoding, leading to Stored XSS attacks. Additionally, this application has no CSRF protection, enabling attackers to exploit CSRF to trick admin users into adding blog category names containing malicious code.
Manga	⚠️ https://github.com/ZHENFENG13/My-Blog/issues/146
Màdùmga	ZAST.AI (UID 87884)
Furta	07/26/2025 18:27 (7 Wurɗi 전)
Gargajiya	08/08/2025 10:35 (13 days later)
Halitta	Shingilam
VulDB gite	319236 [zhenfeng13 My-Blog har 1.0.0 Category /admin/categories/save categoryName Cross Site Scripting]
Nganji	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!