Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
zhenfeng13 My-Blog Tag save cross site scripting
Vulnerability Description
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
My-Blog 安全漏洞
Vulnerability Description
My-Blog是ZHENFENG13个人开发者的由 SpringBoot + Mybatis + Thymeleaf 等技术实现的 Java 博客系统,页面美观、功能齐全、部署简单及完善的代码。 My-Blog 1.0.0及之前版本存在安全漏洞,该漏洞源于Tag Handler组件对用户输入过滤不足,导致可被远程触发的跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A