CVE-2020-18999
https://notcve.org/view.php?id=CVE-2020-18999
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Blog_mini versión v1.0, permite a atacantes remotos ejecutar código arbitrario por medio del componente "/admin/submit-articles". • https://github.com/xpleaf/Blog_mini/issues/44 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-18998
https://notcve.org/view.php?id=CVE-2020-18998
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Blog_mini versión v1.0, permite a atacantes remotos ejecutar código arbitrario por medio del componente "/admin/custom/blog-plugin/add". • https://github.com/xpleaf/Blog_mini/issues/44 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-9765
https://notcve.org/view.php?id=CVE-2019-9765
In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. En Blog_mini 1.0, existe XSS mediante el nombre del autor de una respuesta a un comentario en la función articleDetails() en app/main/views.py. Esto está relacionado con app/templates/_article_comments.html. • https://github.com/xpleaf/Blog_mini/issues/43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •