Mogu blog 代码问题漏洞

Mogu blog 蘑菇博客 is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A code issue vulnerability exists in Mogu blog v2 5.2 and earlier versions, which stems from an unrestricted parameter filedatas in file/file/pictures, which could...

Mogu blog 路径遍历漏洞

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A path traversal vulnerability exists in Mogu blog v2 5.2 and earlier versions, which stems from the improper handling of the fileUrl parameter in the FileOperation.unzi...

PT-2025-48428

Name of the Vulnerable Software and Affected Versions Mogu Blog v2 versions up to 5.2 Description A weakness exists in Mogu Blog v2 up to version 5.2. This issue involves the manipulation of the filedatas argument within an unknown function of the /file/pictures endpoint, leading to unrestricted...

PT-2025-48419

Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog versions up to 5.2 Description A security issue exists in moxi159753 Mogu Blog v2. The LocalFileServiceImpl.uploadPictureByUrl function, located in the /file/uploadPicsByUrl file, is susceptible to server-side request...

Mogu blog 代码问题漏洞

Mogu blog is a micro-architecture based front-end and back-end shared blog system by individual developers in Streamlet, China. A code issue vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a flaw in the function LocalFileServiceImpl.uploadPictureByUrl in the...

PT-2025-48430

Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog v2 versions up to 5.2 Description A security issue exists in moxi159753 Mogu Blog v2. The FileOperation.unzip function within the ZIP File Handler component, located in the /networkDisk/unzipFile file, is susceptible to pa...

The WIRED Guide to Digital Opsec for Teens

Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers and anyone else who wants to button up their digital lives...

Poems Can Trick AI Into Helping You Make a Nuclear Weapon

It turns out all the guardrails in the world won’t protect a chatbot from meter and rhyme...

Blog Site blog.php File SQL Injection Vulnerability

Blog Site is a blogging system. Blog Site suffers from an SQL injection vulnerability that originates from the lack of validation of the name/field parameter in the file /resources/functions/blog.php for externally typed SQL statements. An attacker can exploit this vulnerability to execute illega...

CVE-2025-65956

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

Elena Lazar: Failures are Inevitable – Reliability is a Choice

Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights...

INE Expands Cross-Skilling Innovations

Cary, North Carolina, USA, 26th November 2025, CyberNewsWire...

CVE-2025-65956

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

Formwork 跨站脚本漏洞

Formwork is Formwork open source a flat file based content management system CMS. It is used to build and manage simple websites. A cross-site scripting vulnerability exists in Formwork versions prior to 2.2.0, which stems from an uncleaned blog tag field input that could lead to a stored...

Cross-site Scripting (XSS)

Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog tag field. An attacker can execute arbitrary scripts in the context of another user's browser...

CVE-2025-65956

Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

EUVD-2025-199018

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...

CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags

Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...