CVE-2023-22857

Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

Discovered by Ahsan Aziz on behalf of The Missing Link Security

Vulnerability Details

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.

Affected Versions

Discovered in: 3.3.8.0

Latest News