115 matches found
CVE-2025-3593
Summary: CVE-2025-3593 concerns ZHENFENG13/code-projects My-Blog-layui 1.0. The flaw is in the upload handler at /admin/upload/authorImg/ where improper handling of the File parameter enables unrestricted file upload. Several connected sources confirm remote exploitation and public disclosure of ...
CVE-2025-3592
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3592
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3591
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-3591
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-3592 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3592 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3592
CVE-2025-3592 affects ZHENFENG13/code-projects My-Blog-layui 1.0, specifically the /admin/v1/link/edit endpoint. The underlying issue is a cross-site scripting vulnerability in that endpoint’s input handling, which can be triggered remotely and may affect multiple parameters. The vulnerability ha...
CVE-2025-3591 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-3591 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-3591
The CVE-2025-3591 entry refers to ZHENFENG13/code-projects My-Blog-layui v1.0, where the vulnerability exists in the /admin/v1/blog/edit functionality. It is described as a cross-site scripting issue that can be triggered remotely and may affect multiple parameters. The vulnerability’s exploit ha...
My-Blog-layui 代码注入漏洞
My-Blog-layui is a blog system by ZHENFENG13 individual developer. A code injection vulnerability exists in My-Blog-layui version 1.0, which originates from a cross-site scripting issue in the file /admin/v1/blog/edit...
PT-2025-16274 · Zhenfeng13 · My-Blog-Layui
Name of the Vulnerable Software and Affected Versions: ZHENFENG13/code-projects My-Blog-layui version 1.0 Description: A vulnerability was found in the file /admin/v1/blog/edit, which leads to cross-site scripting. The attack may be launched remotely, and multiple parameters might be affected. Th...
PT-2025-16276 · Zhenfeng13 · My-Blog-Layui
Name of the Vulnerable Software and Affected Versions: ZHENFENG13/code-projects My-Blog-layui version 1.0 Description: A critical vulnerability affects the file upload function of the /admin/upload/authorImg/ endpoint. The manipulation of the File argument leads to unrestricted file upload. The...
My-Blog-layui 代码问题漏洞
My-Blog-layui is a blog system developed by ZHENFENG13. A code issue exists in My-Blog-layui version 1.0, the vulnerability stems from the wrong operation of the parameter File in the file /admin/upload/authorImg/, which leads to the upload of arbitrary files...
@aosweb/osui (>=0.0.23 <=0.0.25), @baosight/er (>=0.1.87 <=0.3.2) +44 more potentially affected by CVE-2025-27597 via @intlify/message-resolver (>=9.1.0 <=9.1.10)
@intlify/message-resolver NPM version =9.1.0, =0.0.23, =0.1.87, =9.14.2, =9.14.2, =0.3.1, =0.5.0, =1.9.7, =9.1.0, =9.1.0, =9.1.0, =9.1.0, =9.1.0, =3.0.0-alpha, =1.8.9, =2.14.0-alpha.3 and more Source cves: CVE-2025-27597 Source advisory: OSV:GHSA-P2PH-7G93-HW3M...
Funadmin 安全漏洞
FunAdmin is FunAdmin open source a lightweight and high-color backend development system based on ThinkPHP6+Layui development. A security vulnerability exists in Funadmin version 5.0.2, which originates from an arbitrary file deletion vulnerability in /curd/index/delfile...
FunAdmin 安全漏洞
FunAdmin is FunAdmin open source a lightweight and high-color backend development system based on ThinkPHP6+Layui development. A security vulnerability exists in FunAdmin version 5.0.2, which originates from an SQL injection vulnerability in /curd/table/list...
Cross-site Scripting (XSS)
LayUI is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to DOM Clobbering caused by unsanitized attacker-controlled HTML elements, such as img tags with name attributes...
CVE-2024-47075
LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting XSS on web pages where attacker-controlled HTML elements e.g., img tags with unsanitized name attributes are present. Version 2.9.17...