CVE-2023-22857

Name of the Vulnerable Software and Affected Versions BlogEngine.NET version 3.3.8.0

Description A stored Cross-site Scripting (XSS) vulnerability allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. Additionally, an Improper Access Control vulnerability allows unauthenticated visitors to access the files of unpublished blogs.

Recommendations For BlogEngine.NET version 3.3.8.0, as a temporary workaround, consider restricting access to blog posts until a patch is available. Avoid using the blog post feature in BlogEngine.NET until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.