MidnightBSD

Advisories for blog_mini_project

CVE-2019-9765 MEDIUM

In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
blog_mini_project blog_mini 1.0
CVE-2020-18998 MEDIUM

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
blog_mini_project blog_mini 1.0
CVE-2020-18999 MEDIUM

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
blog_mini_project blog_mini 1.0