CVE-2022-35569

Name of the Vulnerable Software and Affected Versions Blogifier version 3.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted file, exploiting an arbitrary file upload vulnerability at the /api/storage/upload/PostImage API endpoint. This enables attackers to potentially upload malicious files.

Recommendations For Blogifier version 3.0, consider disabling the /api/storage/upload/PostImage API endpoint until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to this endpoint to minimize the risk of uploading malicious files.