CVE-2024-29471

Name of the Vulnerable Software and Affected Versions OneBlog version 2.3.4

Description A stored cross-site scripting (XSS) issue was found in the Notice Manage module. This allows for malicious scripts to be stored and executed on the site, potentially leading to unauthorized actions or data theft. No information is available on the estimated number of affected devices or real-world incidents.

Recommendations For OneBlog version 2.3.4, as a temporary workaround, consider disabling the Notice Manage module until a patch is available. Restrict access to this module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.