CVE-2025-3591

Name of the Vulnerable Software and Affected Versions: ZHENFENG13/code-projects My-Blog-layui version 1.0

Description: A vulnerability was found in the file /admin/v1/blog/edit, which leads to cross-site scripting. The attack may be launched remotely, and multiple parameters might be affected. The vendor was contacted about this disclosure but did not respond.

Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the /admin/v1/blog/edit endpoint until a patch is available. Avoid using potentially vulnerable parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.