BlogEngine v3.3.8.0 exists to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
blogengine blogengine.net 3.3.8.0 |
Vulmon