PT-2025-32412 · Zhenfeng13 · Myblog

Zast.Ai · Published 2025-08-08 · Updated 2025-08-08 · CVE-2025-8740

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions up to 1.0.0

Description: A cross-site scripting issue exists in zhenfeng13 My-Blog up to version 1.0.0. The issue is related to the manipulation of the categoryName argument within an unknown function of the /admin/categories/save file in the Category Handler component. The attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations: Versions prior to 1.0.0 are recommended. As a temporary workaround, consider restricting or carefully validating the categoryName input to prevent script injection.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-8740

Affected Products

Myblog