CVE-2024-13199

Name of the Vulnerable Software and Affected Versions langhsu Mblog Blog System version 3.5.0

Description A problematic vulnerability was found in the Search Bar component of the langhsu Mblog Blog System, affecting an unknown functionality of the file /search. The manipulation of the kw argument leads to cross-site scripting. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For version 3.5.0, as a temporary workaround, consider restricting access to the /search endpoint until a patch is available. Avoid using the kw argument in the affected Search Bar component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.