CVE-2026-2622

Source
https://cve.org/CVERecord?id=CVE-2026-2622
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2622.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2622
Published
2026-02-17T20:32:40.131Z
Modified
2026-07-15T01:49:03.373225300Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Blossom Article Title ArticleController.java content cross site scripting
Details

A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "cwe_ids": [
        "CWE-79",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2622.json",
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "1.17.0"
                },
                {
                    "last_affected": "1.17.0"
                },
                {
                    "introduced": "1.17.1"
                },
                {
                    "last_affected": "1.17.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/blossom-editor/blossom

Affected ranges

Type
GIT
Repo
https://github.com/blossom-editor/blossom
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:wangyunf:blossom:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.17.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v.*
v.1.10.0
v1.*
v1.0.0
v1.1.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.17.1
v1.2.0
v1.3.0
v1.4.0
v1.4.1
v1.5.0
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.8.0
v1.8.1
v1.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2622.json"