CVE-2025-9101
BaseFortify
Publication date: 2025-08-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zhenfeng13 | my-blog | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9101 is a stored Cross-Site Scripting (XSS) vulnerability in the My-Blog application by zhenfeng13, affecting versions up to 1.0.0. It occurs in the Tag Handler component at the /admin/tags/save endpoint, where user input is not properly validated or sanitized before being stored. This allows attackers to inject malicious scripts into the database. When these stored tags are later displayed at /admin/tags, the malicious scripts execute in the context of an administrator's browser because no output encoding or escaping is applied. Additionally, the application lacks Cross-Site Request Forgery (CSRF) protection, enabling attackers to trick authenticated admin users into submitting malicious tags. This vulnerability can be exploited remotely and requires some user interaction. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in the context of an administrator's browser. This can lead to unauthorized actions such as stealing admin session cookies, performing actions on behalf of the admin, or injecting malicious content. The lack of CSRF protection further increases the risk by enabling attackers to trick authenticated admins into unknowingly executing harmful scripts. Overall, it compromises data integrity and the security of the admin interface, potentially leading to unauthorized access or control over the application. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /admin/tags/save endpoint for improper input validation and stored XSS. You can attempt to submit a tag containing a simple script payload (e.g., `<script>alert(1)</script>`) via HTTP POST to /admin/tags/save and then check whether the script executes when viewing /admin/tags. A curl command to test this might be:

`curl -X POST -d "tagName=<script>alert(1)</script>" https://yourdomain.com/admin/tags/save`

Then visit or fetch the /admin/tags page to see whether the script is executed or present unencoded. Additionally, monitoring HTTP requests for suspicious payloads targeting /admin/tags/save can help detect exploitation attempts. Since the application lacks CSRF protection, testing for CSRF vulnerabilities by attempting to submit tags via forged requests can also help detect the issue. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /admin/tags/save endpoint to trusted administrators only, applying strict input validation and sanitization on all user inputs to this endpoint, and implementing proper output encoding/escaping when displaying tags to prevent script execution. Additionally, enabling CSRF protection mechanisms to prevent unauthorized tag submissions is critical. If possible, replace or update the affected component or software to a version without this vulnerability. Since no known countermeasures or patches are currently available, limiting exposure and applying web application firewall (WAF) rules to detect and block XSS payloads targeting this endpoint can help reduce risk. [1, 2, 3]
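The three mitigations above (a CSRF check on /admin/tags/save, input validation of the tag name, and output encoding when the stored tags are rendered at /admin/tags) combined in one simplified handler, as an added Python example that is not my-blog's own code. The in-memory store, the allowed-character policy for tag names and the `_csrf` form field name are assumptions.

```python
import hmac
import html
import re
import secrets

# Assumed policy: a tag is 1-30 word characters, hyphens or spaces.
# Anything else (angle brackets, quotes, slashes) is rejected at the boundary.
TAG_NAME_RE = re.compile(r"[\w\- ]{1,30}")


def new_csrf_token() -> str:
    """Issue a per-session CSRF token that the admin form must echo back."""
    return secrets.token_urlsafe(32)


def validate_tag_name(name: str) -> bool:
    """Input validation: accept only names matching the allowed alphabet."""
    return TAG_NAME_RE.fullmatch(name) is not None


def save_tag(store: list, session_token: str, form: dict) -> tuple:
    """Hardened stand-in for /admin/tags/save: CSRF check first, then validation.

    `store` is a constructed in-memory list standing in for the database.
    Returns (http_status, message).
    """
    submitted = form.get("_csrf", "")
    # Constant-time comparison so token checks do not leak timing information.
    if not hmac.compare_digest(submitted, session_token):
        return 403, "csrf token mismatch"
    name = form.get("tagName", "")
    if not validate_tag_name(name):
        return 400, "invalid tag name"
    store.append(name)
    return 200, "saved"


def render_tags(store: list) -> str:
    """Stand-in for /admin/tags: HTML-encode every stored value on output.

    Escaping here is defence in depth: even a value that bypassed validation
    (or was written to the store by an older, unvalidated version) is inert.
    """
    items = "".join(f"<li>{html.escape(name, quote=True)}</li>" for name in store)
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    tags, token = [], new_csrf_token()
    print(save_tag(tags, token, {"_csrf": token, "tagName": "<script>alert(1)</script>"}))
    print(save_tag(tags, token, {"_csrf": token, "tagName": "spring-boot"}))
    print(render_tags(tags + ["<script>alert(1)</script>"]))
```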