Here, I catalog the vulnerabilities I've discovered, the corresponding write-ups containing details of the weaknesses, and insights into their impact and remediation.

CVE ID | Vulnerability Title | CVSS | Published | Write-Up |
---|---|---|---|---|
CVE-2024-13199 | Mtons mblog 3.5.0 Search Function Reflected Cross Site Scripting (XSS) | 3.2 | Jan 8, 2025 | Read the full write-up |
CVE-2024-13198 | Mtons mblog 3.5.0 Login Observable Response Discrepancy | 3.4 | Jan 8, 2025 | Read the full write-up |
CVE-2024-13032 | Antabot White-Jotter 0.2.2 Server-Side Request Forgery (SSRF) | 5.1 | Dec 29, 2024 | Read the full write-up |
CVE-2024-13031 | Antabot White-Jotter 0.2.2 Reflected Cross-Site Scripting (XSS) | 5.1 | Dec 29, 2024 | Read the full write-up |
CVE-2024-13029 | Antabot White-Jotter 0.2.2 Server-Side Request Forgery (SSRF) | 5.3 | Dec 29, 2024 | Read the full write-up |
CVE-2024-13028 | Antabot White-Jotter 0.2.2 Observable Response Discrepancy | 6.3 | Dec 29, 2024 | Read the full write-up |
CVE-2024-12995 | Ruifang-Tech (上海锐昉科技有限公司) Rebuild 3.8.6 Stored Cross Site Scripting (XSS) | 5.3 | Dec 27, 2024 | Read the full write-up |
CVE-2024-12990 | Ruifang-Tech (上海锐昉科技有限公司) Rebuild 3.8.6 Open Redirect | 5.3 | Dec 27, 2024 | Read the full write-up |
CVE-2024-55452 | Dromara UJCMS <= 9.6.3 Arbitrary URL Redirection Via Block Item Upload | 5.4 | Dec 17, 2024 | Read the full write-up |
CVE-2024-55451 | Dromara UJCMS <= 9.6.3 Authenticated SVG-based Stored Cross Site Scripting (XSS) | 4.8 | Dec 17, 2024 | Read the full write-up |
CVE-2024-12665 | Ruifang-Tech (上海锐昉科技有限公司) Rebuild 3.8.5 Task Comment Attachment Upload Stored Cross Site Scripting (XSS) | 3.5 | Dec 16, 2024 | Read the full write-up |
CVE-2024-12664 | Ruifang-Tech (上海锐昉科技有限公司) Rebuild 3.8.5 Project Task Comment Stored Cross Site Scripting (XSS) | 3.5 | Dec 16, 2024 | Read the full write-up |
CVE-2024-12663 | FunnyZPC mee-admin 1.6 Login Username Observable Response Discrepancy | 3.7 | Dec 16, 2024 | Read the full write-up |
CVE-2024-12483 | Dromara UJCMS <= 9.6.3 User ID /users/id Authorization Issue | 3.7 | Dec 11, 2024 | Read the full write-up |

I extend my gratitude to the vendors and security teams who cooperated during the responsible disclosure process. Your dedication to improving application security is invaluable.