MidnightBSD

Advisories for zhenfeng13_my-blog_project

CVE-2023-29636

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.

Products Affected

Vendor Product Version
zhenfeng13_my-blog_project zhenfeng13_my-blog -
zhenfeng13 my_blog -
CVE-2023-29639

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.

Products Affected

Vendor Product Version
zhenfeng13_my-blog_project zhenfeng13_my-blog -
zhenfeng13 my_blog -