CVE-2024-13202

State: PUBLISHED · Published: 2025-01-09 · Updated: 2025-01-09 · Assigner: VulDB

Description

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE

CWE-79 — Cross Site Scripting
CWE-94 — Code Injection

Affected

wander-chu / SpringBoot-Blog — v=1.0 [affected]

CVSS

4.0 score=5.1 severity=MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.1 score=2.4 severity=LOW CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
3.0 score=2.4 severity=LOW CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
2.0 score=3.3 severity= AV:N/AC:L/Au:M/C:N/I:P/A:N

References

https://vuldb.com/?id.290795 vdb-entry, technical-description
https://vuldb.com/?ctiid.290795 signature, permissions-required
https://vuldb.com/?submit.470914 third-party-advisory
https://github.com/wander-chu/SpringBoot-Blog/issues/7 issue-tracking
https://github.com/wander-chu/SpringBoot-Blog/issues/7#issue-2761643235 exploit, issue-tracking

Source

cvelistV5-main/cves/2024/13xxx/CVE-2024-13202.json