CVE-2023-22856

Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

Discovered by Ahsan Aziz on behalf of The Missing Link Security

Vulnerability Details

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.

Affected Versions

Discovered in: 3.3.8.0