An XSS vulnerability was discovered in mblog.
In mblog3.5, stored XSS exists via the /post/editing value parameter, which allows remote attackers to inject arbitrary web script or HTML.
PoC
XSS payload:
<img src=x onerror=alert(1)>
Another stored XSS exists via the /settings/profile value parameter, which allows remote attackers to inject arbitrary web script or HTML.
PoC
XSS payload:
<img src=x onerror=alert(1)>
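
A regression check for the fix, as an added example that is not part of the original report or of mblog's own code. It assumes a hypothetical template that writes the stored `value` into a `<div>` (the function names and markup are illustrative), and parses the rendered page to confirm the payload above ends up as inert text once it is HTML-encoded on output.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report above.
PAYLOAD = "<img src=x onerror=alert(1)>"

def render_raw(value: str) -> str:
    """Hypothetical template writing the stored value verbatim (reported behaviour)."""
    return f'<div class="user-content">{value}</div>'

def render_escaped(value: str) -> str:
    """Same hypothetical template with HTML-encoding applied at output time."""
    return f'<div class="user-content">{html.escape(value, quote=True)}</div>'

class ActiveMarkupFinder(HTMLParser):
    """Records script-capable tags and event-handler attributes in a page."""
    SCRIPT_TAGS = {"script", "iframe", "object", "embed"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []   # markup a browser would treat as active
        self.text = []       # what the user would see as plain text

    def handle_starttag(self, tag, attrs):
        if tag in self.SCRIPT_TAGS:
            self.findings.append(f"<{tag}>")
        for name, _ in attrs:
            if name.startswith("on"):          # onerror, onload, onclick, ...
                self.findings.append(f"<{tag} {name}>")

    def handle_data(self, data):
        self.text.append(data)

def audit(rendered: str):
    """Return (active markup found, visible text) for a rendered page."""
    finder = ActiveMarkupFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings, "".join(finder.text)

if __name__ == "__main__":
    for render in (render_raw, render_escaped):
        findings, text = audit(render(PAYLOAD))
        print(f"{render.__name__}: findings={findings} visible_text={text!r}")
```

Running the same audit over the real `/post/editing` and `/settings/profile` responses after saving the payload gives a pass/fail check for both reported parameters.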