CVE-2026-2622
Status: Received - Intake
Remote XSS in Blossom Article Title Handler (v

Publication date: 2026-02-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross-site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-02-17
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-02-17
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 1 associated CPE
Vendor: wangyunf; Product: blossom; Version / Range: up to 1.17.1 (inclusive)
CWE ID and Description
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2622 is a stored cross-site scripting (XSS) vulnerability found in Blossom versions up to 1.17.1. It affects the content function in the ArticleController.java file, specifically the handling of article titles. The vulnerability arises because user-supplied input is not properly sanitized or encoded before being included in web page output. This allows remote attackers to inject malicious scripts or HTML code into article titles, which then execute in the browsers of users who view the affected content.

The attack can be launched remotely and requires some user interaction, such as viewing the compromised article. The flaw is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and aligns with MITRE ATT&CK technique T1059.007 (JavaScript interpreter). There is a public proof-of-concept exploit available, and no vendor patches or mitigations have been provided.


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who view the compromised article titles. Potential impacts include session hijacking, where attackers steal user session tokens; user redirection to malicious websites; and unauthorized actions performed on behalf of the victim user.

Because the attack is remotely exploitable and requires only that a user views the affected content, it poses a risk to data integrity and user trust. The vulnerability has a low severity score but can still lead to significant security issues if exploited.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is a stored cross-site scripting (XSS) issue affecting the Blossom application, specifically in the article title handling functionality. Detection involves identifying whether malicious scripts have been injected into article titles via the /article/add endpoint and whether these scripts execute when viewing content through the /article/temp/h page.

To detect exploitation attempts or the presence of this vulnerability on your system, you can monitor HTTP requests and responses for suspicious input or output containing script tags or JavaScript code in article titles.

  • Use web application scanning tools that detect XSS vulnerabilities by submitting payloads to the /article/add endpoint and observing whether they are executed when accessing /article/temp/h.
  • Manually inspect stored article titles in the database for suspicious script tags or encoded JavaScript.
  • Example command to search for suspicious script tags in stored article titles (assuming a SQL database): `SELECT id, title FROM articles WHERE title LIKE '%<script>%';`
  • Use network traffic monitoring tools (e.g., tcpdump, Wireshark) to capture HTTP traffic and filter for requests to /article/add containing suspicious payloads.
  • Example curl command to test for XSS injection: `curl -X POST -d 'title=<script>alert(1)</script>' https://your-blossom-instance/article/add` [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Currently, there are no vendor patches or official mitigations available for this vulnerability.

Immediate mitigation steps include:

  • Avoid using the affected Blossom versions up to 1.17.1; consider replacing the component with an alternative product if possible.
  • Implement input validation and output encoding on the article title input to neutralize any malicious scripts before storing or rendering.
  • Apply web application firewall (WAF) rules to detect and block common XSS payloads targeting the /article/add endpoint.
  • Restrict user privileges to limit who can submit or edit article titles, reducing the risk of malicious input.
  • Monitor logs and network traffic for suspicious activity related to this vulnerability.
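As an added example that is not Blossom's code and not part of this advisory, the hypothetical helper below shows the validation and output-encoding items in the list above applied to the article-title field, plus a check for already-stored titles that look injected (the detection question above). The class name, method names, length limit and the suspicious-markup pattern are assumptions.

```java
import java.util.regex.Pattern;

// Hypothetical guard for the article-title field: validate on input,
// HTML-encode on output, and flag stored titles that look like injected markup.
public final class ArticleTitleGuard {
    private static final int MAX_TITLE_LENGTH = 200; // assumed limit, not from Blossom
    // Assumed pattern for the detection helper: tag openers and inline handlers.
    private static final Pattern SUSPICIOUS = Pattern.compile(
        "(?i)<\\s*/?\\s*(script|img|svg|iframe)|javascript:|on\\w+\\s*=");

    // Input validation: a title is plain text, so reject markup outright.
    public static String validate(String title) {
        if (title == null || title.isBlank()) {
            throw new IllegalArgumentException("title is required");
        }
        String t = title.strip();
        if (t.length() > MAX_TITLE_LENGTH) {
            throw new IllegalArgumentException("title exceeds " + MAX_TITLE_LENGTH + " characters");
        }
        if (t.indexOf('<') >= 0 || t.indexOf('>') >= 0) {
            throw new IllegalArgumentException("markup is not allowed in a title");
        }
        return t;
    }

    // Output encoding: escape the HTML-significant characters before the title
    // is placed in page output, so stored text can never become markup.
    public static String encodeForHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Detection helper for titles already in the database.
    public static boolean looksInjected(String storedTitle) {
        return storedTitle != null && SUSPICIOUS.matcher(storedTitle).find();
    }

    public static void main(String[] args) {
        System.out.println(encodeForHtml(validate("Notes on <1.17.1> & later".replace("<", "").replace(">", ""))));
        System.out.println(looksInjected("Hello <script>alert(1)</script>")); // true
    }
}
```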
