Vulnerabilities > Zhenfeng13 MY Blog Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-01 | CVE-2023-29636 | Cross-site Scripting vulnerability in Zhenfeng13 My-Blog Project Zhenfeng13 My-Blog Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. | 5.4 |
2023-05-01 | CVE-2023-29639 | Cross-site Scripting vulnerability in Zhenfeng13 My-Blog Project Zhenfeng13 My-Blog Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | 5.4 |