CVE-2026-2622 | Blossom up to 1.17.1 Article Title ArticleController.java content cross site scripting

A vulnerability labeled as problematic has been found in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting.

This vulnerability is reported as CVE-2026-2622. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2622 | Blossom up to 1.17.1 Article Title ArticleController.java content cross site scripting

Post correlati

CVE-2025-63040 | Saad Iqbal Post Snippets Plugin up to 4.0.11 on WordPress cross-site request forgery

CVE-2024-9249 | Foxit PDF Reader PDF File Parser out-of-bounds (ZDI-24-1301)

CVE-2024-6848 | BoldGrid Post and Page Builder Plugin up to 1.26.6 on WordPress File Upload cross site scripting

CVE-2025-20201 | Cisco IOS XE up to 17.15.1w CLI unusual condition (cisco-sa-iosxe-privesc-su7scvdp)