Zhenfeng13 My-Blog Stored Cross-Site Scripting Vulnerability in Category Handler

Vulnerability

A stored cross-site scripting vulnerability has been identified in Zhenfeng13 My-Blog versions through 1.0.0. The issue arises in the Category Handler component, specifically within the file '/admin/categories/save'. The vulnerability is caused by inadequate input validation on the 'categoryName' argument, which allows XSS payloads to be inserted into the database. Both the frontend and backend output pages fail to properly encode this data, facilitating stored XSS attacks. Additionally, the application lacks Cross-Site Request Forgery (CSRF) protection, which could enable attackers to manipulate admin users into adding categories with malicious code.
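One way to close the two gaps named above, input validation on 'categoryName' and output encoding on the pages that render it, shown as an added example that is not My-Blog's own code. It assumes a Java code base; the class name, method names and the 32-character allow-list policy are hypothetical.

```java
import java.util.List;
import java.util.regex.Pattern;

// Added example: not My-Blog code. Class and method names are hypothetical.
public class CategoryNameDefense {

    // Assumed policy: 1-32 letters, digits, spaces, '.', '_' or '-'.
    // \p{L} and \p{N} keep non-Latin category names valid.
    private static final Pattern ALLOWED =
            Pattern.compile("^[\\p{L}\\p{N} ._-]{1,32}$");

    /** Input side: reject names outside the allow-list before they are stored. */
    static boolean isValidCategoryName(String name) {
        return name != null && ALLOWED.matcher(name).matches();
    }

    /** Output side: encode for HTML element and quoted-attribute contexts. */
    static String escapeHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last two contain markup characters.
        List<String> samples =
                List.of("Java", "读书笔记", "<b>news</b>", "a\" title=\"x");
        for (String name : samples) {
            // Encoding is applied even to names that fail validation, because
            // rows stored before the fix may already contain markup.
            System.out.printf("valid=%-5b rendered=<li>%s</li>%n",
                    isValidCategoryName(name), escapeHtml(name));
        }
    }
}
```

Encoding at output is the control that stops a stored value from being interpreted as markup; the allow-list only narrows what reaches the database. The missing CSRF protection is a separate fix and is not covered by this example.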

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, access the '/admin/categories' page and add a new category. Insert an XSS payload into the 'categoryName' field. Once the category is saved, the malicious script will be executed when the category is viewed, demonstrating the stored XSS vulnerability.

Added: Aug 8, 2025, 9:29 PM
Updated: Aug 8, 2025, 9:29 PM