Platform
php
Component
vulnerability-research
Fixed in
3.5.1
CVE-2024-13199 is a cross-site scripting (XSS) vulnerability affecting Mblog Blog System versions 3.5.0 through 3.5.0. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The vulnerability resides in the /search endpoint’s 'kw' parameter. A patch is available in version 3.5.1.
An attacker can exploit this XSS vulnerability by crafting a malicious URL containing a specially crafted 'kw' parameter. When a user visits this URL, the injected script will execute in their browser context, allowing the attacker to steal cookies, redirect the user to a phishing site, or modify the content of the page. The impact can range from minor annoyance to complete account compromise, depending on the attacker's skill and the privileges of the affected user. Given the public disclosure of this vulnerability, it is likely that automated scanners are already attempting to exploit it.
This vulnerability was publicly disclosed on 2025-01-09. The vendor was notified but did not respond. The vulnerability's LOW CVSS score suggests a relatively low level of technical difficulty to exploit, which increases the likelihood of automated exploitation attempts. No known KEV listing or active exploitation campaigns have been reported as of this date.
Exploit Status
EPSS
0.19% (40% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-13199 is to upgrade Mblog Blog System to version 3.5.1 or later, which contains the fix. If upgrading is not immediately possible, consider implementing input validation and output encoding on the /search endpoint to sanitize the 'kw' parameter. Web application firewalls (WAFs) can also be configured to block requests containing suspicious characters or patterns in the 'kw' parameter. After upgrading, verify the fix by attempting to inject a simple XSS payload into the /search endpoint and confirming that it is properly sanitized.
Update to a patched version or apply a fix to prevent the execution of arbitrary scripts in the user's context. Properly validate and escape user input in the search bar to prevent XSS attacks. If no updates are available, consider disabling the search functionality or implementing additional security measures on the web server.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-13199 is a cross-site scripting (XSS) vulnerability in Mblog Blog System versions 3.5.0–3.5.0, allowing attackers to inject malicious scripts via the /search endpoint's 'kw' parameter.
If you are running Mblog Blog System version 3.5.0, you are potentially affected by this vulnerability. Upgrade to 3.5.1 to mitigate the risk.
Upgrade Mblog Blog System to version 3.5.1 or later. As a temporary workaround, implement input validation and output encoding on the /search endpoint.
While no active exploitation campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation attempts.
Check the official Mblog Blog System website or security mailing list for the advisory related to CVE-2024-13199.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.