CVE-2025-9430

LOW

mtons mblog <3.5.0 - XSS

Title source: llm

Description

A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.

Exploits (1)

gitee 3,324 stars

by mtons · javawriteup

https://gitee.com/mtons/mblog/issues/ICPMMF

References (4)

[Exploit, Issue Tracking] https://gitee.com/mtons/mblog/issues/ICPMMF

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.321271

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.321271

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.634156

Scores

CVSS v3 2.4

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

mtons/mblog < 3.5.0

Published Aug 26, 2025

Tracked Since Feb 18, 2026