A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.
History

Thu, 28 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mtons:mblog:*:*:*:*:*:*:*:*

Tue, 26 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Aug 2025 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Mtons
Mtons mblog
Vendors & Products Mtons
Mtons mblog

Tue, 26 Aug 2025 00:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.
Title mtons mblog update cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-26T20:22:39.422Z

Reserved: 2025-08-25T09:40:39.534Z

Link: CVE-2025-9430

cve-icon Vulnrichment

Updated: 2025-08-26T20:22:21.494Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-26T01:15:45.150

Modified: 2025-08-28T14:02:18.183

Link: CVE-2025-9430

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-26T07:20:37Z