Headline
CVE-2023-22858: Stored cross-site scripting in BlogEngine.NET version 3.3.8.0
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
Discovered by Ahsan Aziz on behalf of The Missing Link Security
Vulnerability Details
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
Affected Versions
Discovered in: 3.3.8.0