胡鑫

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Category List` parameter under the Lab module. **Recommendations** For OneBlog version 2.3.4, consider disabling access to the Lab module or restricting the `Category List` parameter to prevent exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the component `{{rootpath}}/links`. **Recommendations** For OneBlog version 2.3.4, consider restricting access to the `{{rootpath}}/links` component until a patch is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A stored cross-site scripting (XSS) issue was found in the Notice Manage module. This allows for malicious scripts to be stored and executed on the site, potentially leading to unauthorized actions or data theft. No information is available on the estimated number of affected devices or real-world incidents. **Recommendations** For OneBlog version 2.3.4, as a temporary workaround, consider disabling the Notice Manage module until a patch is available. Restrict access to this module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A stored cross-site scripting (XSS) issue was found in the Privilege Management module. This allows for malicious scripts to be stored and executed on the site. **Recommendations** For OneBlog version 2.3.4, update to a version that fixes the stored cross-site scripting vulnerability in the Privilege Management module. As a temporary workaround, consider restricting access to the Privilege Management module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A stored cross-site scripting (XSS) issue was found in the Role Management module. This allows for malicious scripts to be stored and executed on the site. **Recommendations** For OneBlog version 2.3.4, as a temporary workaround, consider disabling the Role Management module until a patch is available. Restrict access to this module to minimize the risk of exploitation. Avoid using the module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A stored cross-site scripting (XSS) issue was found in the User Management module. This allows for malicious scripts to be stored and executed on the site. **Recommendations** For OneBlog version 2.3.4, update to a version that fixes the stored cross-site scripting issue in the User Management module. As a temporary workaround, consider restricting access to the User Management module to minimize the risk of exploitation.