Bolo Blog

1 CVEs product

CVE-2026-4616 LOW POC Monitor

A cross-site scripting (XSS) vulnerability exists in bolo-blog version 2.6.4 in the Article Title Handler component at /console/article/, where the articleTitle parameter is not properly sanitized before being rendered. An authenticated attacker with high privileges can inject malicious JavaScript through the articleTitle argument, resulting in stored or reflected XSS that compromises the integrity of the application. A proof-of-concept exploit has been publicly released on GitHub, and the vendor has not yet responded to early disclosure notifications.

XSS Bolo Blog
NVD VulDB GitHub
CVSS 4.0: 1.9
EPSS: 0.0%