CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2364 – lenve VBlog ArticleService.java addNewArticle cross site scripting
https://notcve.org/view.php?id=CVE-2025-2364
17 Mar 2025 — A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://magnificent-dill-351.notion.site/Stored-XSS-Vulnerability-in-VBlog-1-0-0-1adc693918ed80d9bd08e03df0ed7a98 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2363 – lenve VBlog ArticleController.java uploadImg path traversal
https://notcve.org/view.php?id=CVE-2025-2363
17 Mar 2025 — A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.299862 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •