You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A xss vulnerability was discovered in mblog.
In mblog3.5, stored XSS exists via the /post/editing value parameter, which allows remote attackers to inject arbitrary web script or HTML.
poc
xss payload:
<img src=x onerror=alert(1)>
Another stored XSS exists via the /settings/profile value parameter, which allows remote attackers to inject arbitrary web script or HTML.
poc
xss payload:
<img src=x onerror=alert(1)>
The text was updated successfully, but these errors were encountered:
A xss vulnerability was discovered in mblog.
In mblog3.5, stored XSS exists via the
/post/editingvalue parameter, which allows remote attackers to inject arbitrary web script or HTML.poc
Another stored XSS exists via the
/settings/profilevalue parameter, which allows remote attackers to inject arbitrary web script or HTML.poc
The text was updated successfully, but these errors were encountered: