Platform
php
Component
vulnerability-research
Fixed in
3.5.1
CVE-2024-13199 is a cross-site scripting (XSS) vulnerability affecting Mblog Blog System version 3.5.0. The /search endpoint reflects the 'kw' query parameter into the response page without neutralizing it, so an attacker can inject script that runs in a visitor's browser, potentially leading to session hijacking or defacement. A patch is available in version 3.5.1.
An attacker exploits this vulnerability by crafting a URL whose 'kw' parameter carries script and getting a victim to open it (via a link in email, a comment, a forum post, or a shortened URL). The injected script executes in the victim's browser in the origin of the blog, so it can read cookies that are not HttpOnly, make requests with the victim's session, redirect the user to a phishing site, or rewrite the page content. The impact depends on who opens the link: for an anonymous visitor it is mostly defacement or phishing, for a logged-in administrator it can amount to full account compromise. Because the flaw is public and trivially reproducible, automated scanners can be expected to probe for it.
This vulnerability was publicly disclosed on 2025-01-09. The vendor was notified in advance but did not respond. The low CVSS score reflects limited impact (a reflected XSS that needs a victim to open an attacker-supplied link), not exploitation difficulty: building the link requires no special skill, which is why opportunistic and automated exploitation attempts remain plausible. No CISA KEV listing and no active exploitation campaign had been reported as of that date.
Websites running Mblog Blog System version 3.5.0 are affected. Since this is a reflected XSS, the attacker needs a victim to open a crafted /search link; logged-in administrators are the most valuable targets, because script running in their session can act with their privileges. The hosting arrangement does not change the exposure: the flaw is in how the application handles 'kw', not in the server or in neighbouring tenants.
• php / web:
curl -s -G 'http://your-mblog-system/search' --data-urlencode 'kw=<script>alert(1)</script>' | grep -F '<script>alert(1)</script>'
The probe is URL-encoded with --data-urlencode so the request is well-formed, and grep looks for the payload verbatim: grepping for "alert" alone also matches a correctly encoded reflection such as &lt;script&gt;alert(1)&lt;/script&gt;, which is not exploitable.
Disclosure
Exploit Status
EPSS
0.19% (40th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2024-13199 is to upgrade Mblog Blog System to version 3.5.1 or later, which contains the fix. If upgrading is not immediately possible, apply contextual output encoding wherever the /search page echoes the 'kw' parameter (HTML-entity encoding for text and attribute contexts), and validate the parameter on input as a secondary control. A web application firewall can be configured to block requests whose 'kw' parameter contains tags, event-handler attributes or javascript: URLs, but treat that as a stopgap, since encoding and filter bypasses are common. After upgrading, verify the fix by requesting /search with a simple XSS payload in 'kw' and confirming that the response contains only the encoded form of the payload, not the raw markup.
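To make the two halves of this concrete, the following added example (written for this page, not code from the Mblog project) models a search page that reflects 'kw' into its HTML, shows the vulnerable rendering beside the output-encoded one, and implements the post-upgrade check described above: it distinguishes a raw reflection (still vulnerable) from an encoded reflection (fixed) instead of merely grepping for "alert". The base URL and the page layout are assumptions; the probe payload is the one used in the curl check.

```python
import html
from urllib.parse import urlencode

# Probe string, the same one used in the curl check on this page.
PAYLOAD = "<script>alert(1)</script>"


def render_search_vulnerable(kw: str) -> str:
    """Constructed model of the flawed behaviour: the keyword is reflected
    verbatim, so attacker-supplied markup becomes part of the DOM."""
    return f"<h2>Search results for: {kw}</h2>"


def render_search_hardened(kw: str) -> str:
    """Same page with contextual output encoding for an HTML text context:
    '<', '>', '&' and quotes are turned into entities, so the browser shows
    the keyword as text instead of parsing it as markup."""
    return f"<h2>Search results for: {html.escape(kw, quote=True)}</h2>"


def build_probe_url(base_url: str, payload: str = PAYLOAD) -> str:
    """Build the verification request. urlencode() percent-encodes the
    payload, so the request is well-formed regardless of the characters in it.
    base_url is an assumption (a hypothetical Mblog install)."""
    return f"{base_url.rstrip('/')}/search?{urlencode({'kw': payload})}"


def classify_response(body: str, payload: str = PAYLOAD) -> str:
    """Classify a /search response body for the probe payload:
      'vulnerable'    - raw payload present, script would execute
      'encoded'       - only the entity-encoded form is present, fix is in place
      'not-reflected' - keyword is not echoed at all
    Note that encoders other than html.escape may emit different entity
    forms (e.g. &#60;), so a real check should also accept those."""
    if payload in body:
        return "vulnerable"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "not-reflected"


if __name__ == "__main__":
    print(build_probe_url("http://your-mblog-system/"))
    for name, page in (("vulnerable", render_search_vulnerable(PAYLOAD)),
                       ("hardened", render_search_hardened(PAYLOAD))):
        print(f"{name:10s} -> {classify_response(page)}")
```

Run the script to see the encoded probe URL and the classification of both renderings; pointing classify_response() at the body returned by a real /search request is the post-upgrade check.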
Update to a patched version or apply a fix that prevents execution of arbitrary scripts in the user's context. Validate and properly escape user input in the search bar to prevent XSS attacks. If no update is available, consider disabling the search functionality or implementing additional security measures on the web server.
CVE-2024-13199 is a cross-site scripting (XSS) vulnerability in Mblog Blog System version 3.5.0, allowing attackers to inject malicious scripts via the /search endpoint's 'kw' parameter.
If you are running Mblog Blog System version 3.5.0, you are potentially affected by this vulnerability. Upgrade to 3.5.1 to mitigate the risk.
Upgrade Mblog Blog System to version 3.5.1 or later. As a temporary workaround, implement input validation and output encoding on the /search endpoint.
While no active exploitation campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation attempts.
Check the official Mblog Blog System website or security mailing list for the advisory related to CVE-2024-13199.