CVE-2019-9765

Name of the Vulnerable Software and Affected Versions Blog mini version 1.0

Description A security issue exists in the application, where an XSS attack can be performed via the author name of a comment reply. This issue is related to the articleDetails() function in the app/main/views.py file and the app/templates/ article comments.html template.

Recommendations For Blog mini version 1.0, consider disabling the comment reply feature or restricting the author name input field in the articleDetails() function until a patch is available. Restrict access to the app/templates/ article comments.html template to minimize the risk of exploitation.