Primary

Context

Lenve VBlog Cross-Site Scripting Vulnerability in Article Service

Vulnerability

A stored cross-site scripting vulnerability has been identified in lenve VBlog versions through 1.0.0. The issue resides in the ArticleService.java file, specifically within the addNewArticle function. The vulnerability arises because user input in the mdContent and htmlContent arguments is not properly sanitized before being outputted as a web page, allowing for the execution of malicious scripts. This vulnerability can be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, create a new article in VBlog 1.0.0 and include JavaScript in the content fields. Once the article is saved, the script will execute when the article is viewed.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lenve VBlog Cross-Site Scripting Vulnerability in Article Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating