CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3593 – ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload
https://notcve.org/view.php?id=CVE-2025-3593
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-fileUpload.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3592 – ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3592
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-xss-2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3591 – ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-3591
14 Apr 2025 — A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-xss-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13145 – zhenfeng13 My-Blog uploadController. java upload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-13145
06 Jan 2025 — A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZHENFENG13/My-Blog/issues/141 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13144 – zhenfeng13 My-Blog BlogController.java uploadFileByEditomd unrestricted upload
https://notcve.org/view.php?id=CVE-2024-13144
06 Jan 2025 — A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZHENFENG13/My-Blog/issues/140 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29636
https://notcve.org/view.php?id=CVE-2023-29636
01 May 2023 — Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. • https://github.com/ZHENFENG13/My-Blog/issues/131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29639
https://notcve.org/view.php?id=CVE-2023-29639
01 May 2023 — Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. • https://github.com/ZHENFENG13/My-Blog/issues/131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •