CVE-2025-2364 MEDIUM

CVE-2025-2364: lenve VBlog ArticleService.java addNewArticle cross site scripting

Vendor Lenve

Product VBlog

Weakness CWE-79 · XSS

Published March 17, 2025

Last update March 17, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

March 17, 2025 CVE published

March 17, 2025 Record updated