A vulnerability was detected in Blossom up to 1.17.1. It affects the function `content` in the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross-site scripting (XSS). The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Blossom Article Title ArticleController.java content cross site scripting
Problem type
Affected products
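1.17.0 - AFFECTED
1.17.1 - AFFECTED
(Only these two versions are enumerated, while the description says "up to 1.17.1"; earlier releases are therefore unconfirmed rather than known to be unaffected.)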
References
https://vuldb.com/?id.346273
https://vuldb.com/?ctiid.346273
https://vuldb.com/?submit.751987
https://fx4tqqfvdw4.feishu.cn/docx/AXa1dpliBomr2Ox6dYJc6jJInEb
GitHub Security Advisories
GHSA-rm24-2x6v-8w7f
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function...
https://github.com/advisories/GHSA-rm24-2x6v-8w7f
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
https://nvd.nist.gov/vuln/detail/CVE-2026-2622
https://fx4tqqfvdw4.feishu.cn/docx/AXa1dpliBomr2Ox6dYJc6jJInEb
https://vuldb.com/?ctiid.346273
https://vuldb.com/?id.346273
https://vuldb.com/?submit.751987
https://github.com/advisories/GHSA-rm24-2x6v-8w7f
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2622
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2622",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-17T20:32:40.131Z",
"dateReserved": "2026-02-17T10:24:09.111Z",
"datePublished": "2026-02-17T20:32:40.131Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-17T20:32:40.131Z"
},
"title": "Blossom Article Title ArticleController.java content cross site scripting",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "n/a",
"product": "Blossom",
"modules": [
"Article Title Handler"
],
"versions": [
{
"version": "1.17.0",
"status": "affected"
},
{
"version": "1.17.1",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross Site Scripting",
"cweId": "CWE-79",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.346273",
"name": "VDB-346273 | Blossom Article Title ArticleController.java content cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.346273",
"name": "VDB-346273 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.751987",
"name": "Submit #751987 | Blossom Blossom ≤ 1.17.1 Improper Input Validation",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://fx4tqqfvdw4.feishu.cn/docx/AXa1dpliBomr2Ox6dYJc6jJInEb",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 3.5,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 4
}
}
],
"timeline": [
{
"time": "2026-02-17T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-17T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-17T11:29:23.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "xcxr (VulDB User)",
"type": "reporter"
}
]
}
}
}