CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3593 – ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload
https://notcve.org/view.php?id=CVE-2025-3593
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-fileUpload.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3592 – ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3592
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-xss-2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3591 – ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3591
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-xss-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •