CVE-2025-9407 MEDIUM

CVE-2025-9407: mtons mblog profile cross site scripting

Vendor Mtons

Product mblog

Weakness CWE-79 · XSS

Published August 25, 2025

Last update August 25, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. Other parameters might be affected as well.

Key dates

02Disclosure timeline

August 25, 2025 CVE published

August 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9407

Related vulnerabilities

Identifiers

CVE CVE-2025-9407

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor Mtons

Product mblog

Affected 3.0

Vendor Mtons

Product mblog

Affected 3.1

Vendor Mtons

Product mblog

Affected 3.2

Vendor Mtons

Product mblog

Affected 3.3

Vendor Mtons

Product mblog

Affected 3.4

Vendor Mtons

Product mblog

Affected 3.5.0

CVE-2025-9407: mtons mblog profile cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE