← Zuruck zu CVEs
CVE-2023-29636
MEDIUM5.4
Beschreibung
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht5/1/2023
Zuletzt geandert1/27/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
zhenfeng13:my_blog
Schwachen (CWE)
CWE-79CWE-79
Referenzen
https://github.com/ZHENFENG13/My-Blog/issues/131(cve@mitre.org)
https://github.com/ZHENFENG13/My-Blog/issues/131(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.