CVE-2024-13202— wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting

CVSS 2.4 · Low EPSS 0.11% · P29 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-13202

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

SpringBoot-Blog 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SpringBoot-Blog是wander个人开发者的一个 Java 博客系统。 SpringBoot-Blog 1.0版本存在安全漏洞，该漏洞源于文件src/main/java/com/my/blog/website/controller/admin/PageController.java的参数content会导致跨站脚本攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
wander-chu	SpringBoot-Blog	1.0	-

II. Public POCs for CVE-2024-13202

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-13202

请登录查看更多情报信息。

SpringBoot Blog has storage XSS · Issue #7 · wander-chu/SpringBoot-Blogissue-tracking
SpringBoot Blog has storage XSS · Issue #7 · wander-chu/SpringBoot-Blogexploitissue-tracking
CVE-2024-13202 wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scriptingsignaturepermissions-required
Submit #470914: wander-chu SpringBoot-Blog 1.0 Storage XSSthird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-13202

Same Patch Batch · wander-chu · 2025-01-09 · 3 CVEs total

CVE-2024-13200	7.3 HIGH	wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control
CVE-2024-13201	4.7 MEDIUM	wander-chu SpringBoot-Blog Admin Attachment AttachtController.java upload unrestricted upl

IV. Related Vulnerabilities

Same product: SpringBoot-Blog

Same vendor: wander-chu

Same weakness: CWE-79

V. Comments for CVE-2024-13202

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-13202— wander-chu SpringBoot-Blog Blog Article PageController.java modifiyArticle cross site scripting

I. Basic Information for CVE-2024-13202

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-13202

III. Intelligence Information for CVE-2024-13202

Same Patch Batch · wander-chu · 2025-01-09 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-13202

Leave a comment