Langhsu Mblog Blog System Cross-Site Scripting Vulnerability in Search Functionality
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Langhsu Mblog Blog System version 3.5.0. This issue arises in the search functionality, specifically within the '/search' endpoint, where the 'kw' parameter is not properly sanitized. As a result, an attacker can inject malicious scripts that are executed in the context of the user's browser. The vulnerability can be exploited remotely, requiring user interaction to trigger the XSS payload.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, navigate to the '/search' endpoint and enter a crafted payload, such as an image tag with an 'onerror' attribute, into the search bar. Once the payload is submitted, the injected script will be executed, demonstrating the cross-site scripting vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.