PT-2022-19368 · Unknown · Forestblog

Author: Fiblue · Published: 2022-04-15 · Updated: 2022-04-25 · CVE-2022-29020

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ForestBlog through 2022-02-16
Description: The issue allows for cross-site scripting (XSS) during the addition of a user avatar. It occurs in the admin/profile/save endpoint, specifically via the userAvatar parameter. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.
Recommendations: For ForestBlog through 2022-02-16, consider disabling the admin/profile/save endpoint or restricting access to it until a fix is available. As a temporary workaround, avoid using the userAvatar parameter in the affected endpoint to minimize the risk of exploitation.
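The record above describes an avatar value that reaches an HTML attribute without adequate validation or encoding. The following is an added illustration, not code from ForestBlog or from this advisory, of the two defensive layers a fix for this class of bug normally combines: a strict allow-list check on the stored avatar value and unconditional attribute encoding at render time. The /uploads/ prefix, the fallback image path and the sample inputs are constructed assumptions for the example.

```python
import html
from urllib.parse import urlparse

# Characters that can break out of an HTML attribute or start a tag.
FORBIDDEN_CHARS = set('<>"\'`\\')

# Assumed location of site-managed avatar uploads (not ForestBlog's real layout).
UPLOAD_PREFIX = "/uploads/"
DEFAULT_AVATAR = "/static/default-avatar.png"  # assumed fallback image


def validate_avatar_url(value: str, max_len: int = 512) -> bool:
    """Return True only if value is a plausible image location safe to store.

    Accepts absolute http/https URLs with a host, or relative paths under the
    assumed upload prefix. Rejects empty/oversized input, control characters,
    whitespace, attribute-breaking characters and non-http schemes such as
    javascript: or data:.
    """
    if not isinstance(value, str) or not value or len(value) > max_len:
        return False
    for ch in value:
        if ch in FORBIDDEN_CHARS or ord(ch) < 0x20 or ch.isspace():
            return False
    parsed = urlparse(value)
    if parsed.scheme:
        return parsed.scheme.lower() in {"http", "https"} and bool(parsed.netloc)
    # Relative path: must stay inside the upload area and not traverse upward.
    return value.startswith(UPLOAD_PREFIX) and ".." not in value


def render_avatar_img(value: str) -> str:
    """Build the <img> tag for a stored avatar.

    Validation decides what is stored; encoding is still applied on output so
    that a value which slipped past storage-time checks cannot inject markup.
    """
    if not validate_avatar_url(value):
        value = DEFAULT_AVATAR
    return '<img src="%s" alt="avatar">' % html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs: two benign values and three hostile ones.
    samples = [
        "https://example.com/avatars/u1.png",
        "/uploads/u1.png",
        'x" onerror="alert(1)',
        "javascript:alert(1)",
        "/uploads/../../etc/passwd",
    ]
    for s in samples:
        print("%-32s accepted=%s -> %s" % (s, validate_avatar_url(s), render_avatar_img(s)))
```

The validation step is what a server-side fix for the userAvatar parameter would add before persisting the value; the render step is the defence that templates should already apply to every user-controlled attribute, because a stored value is only as trustworthy as the weakest path that ever wrote it.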

Links: Exploit · Fix
Tags: XSS


Weakness Enumeration: not provided

Related Identifiers: CVE-2022-29020

Affected Products: Forestblog