CVE-2025-9429

LOW

mtons mblog <3.5.0 - XSS

Title source: llm

Description

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Exploits (2)

gitee 3,324 stars

by mtons · javawriteup

https://gitee.com/mtons/mblog/issues/ICPMLJ

gitee 3,324 stars

by mtons · javawriteup

https://gitee.com/mtons/mblog/issues/ICPMLW

References (6)

[Exploit, Issue Tracking] https://gitee.com/mtons/mblog/issues/ICPMLJ

[Exploit, Issue Tracking] https://gitee.com/mtons/mblog/issues/ICPMLW

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.321270

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.321270

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.634153

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.634155

Scores

CVSS v3 3.5

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

mtons/mblog < 3.5.0

Published Aug 26, 2025

Tracked Since Feb 18, 2026