VYPR

My Blog

by Zhenfeng13

Source repositories

CVEs (12)

  • CVE-2025-3593MedApr 14, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be…

  • CVE-2024-13145MedJan 6, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted…

  • CVE-2024-13144MedJan 6, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to…

  • CVE-2023-29639MedMay 1, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.

  • CVE-2023-29636MedMay 1, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.

  • CVE-2025-9100MedAug 18, 2025
    risk 0.34cvss 5.3epss 0.01

    A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be…

  • CVE-2025-8739MedAug 8, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely.…

  • CVE-2023-1937MedApr 7, 2023
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible…

  • CVE-2025-9101LowAug 18, 2025
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-3592LowApr 14, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2025-3591LowApr 14, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The…

  • CVE-2025-8740LowAug 8, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting.…