Zhenfeng13 My-Blog Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in Zhenfeng13 My-Blog versions through 1.0.0. The issue arises in the Tag Handler component, specifically within the file '/admin/tags/save'. This endpoint fails to properly validate user input, allowing the injection of malicious code into the database. When the content is later displayed at '/admin/tags', it is not properly encoded, facilitating the execution of the injected script. Additionally, the application lacks Cross-Site Request Forgery (CSRF) protection, which could be exploited to manipulate admin users into adding tags with harmful code.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, send a request to the '/admin/tags/save' endpoint with a tag name that includes malicious script code. After the tag is saved, navigate to the '/admin/tags' endpoint to observe the execution of the injected script. This vulnerability can be further exploited by using CSRF to trick an admin user into adding a tag with the malicious code.