CVE-2022-37679

Name of the Vulnerable Software and Affected Versions Miniblog.Core version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field in the "/blog/edit" API endpoint. This enables the execution of malicious code on the client-side.

Recommendations For Miniblog.Core version 1.0, consider disabling the editing functionality in the /blog/edit component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Excerpt field to minimize the risk of malicious payload injection.