Mini Blog Security Vulnerabilities
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component...
6.1CVSS
6.2AI Score
0.001EPSS
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component...
6.1CVSS
6.2AI Score
0.001EPSS
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before...
9.6CVSS
9.1AI Score
0.003EPSS
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before...
9.6CVSS
9.2AI Score
0.002EPSS
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before...
8.8CVSS
8.6AI Score
0.001EPSS
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key...
8.8CVSS
8.6AI Score
0.001EPSS
In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to...
6.1CVSS
5.9AI Score
0.001EPSS
7.8CVSS
7.5AI Score
0.001EPSS
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the...
7.7AI Score
0.006EPSS
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640...
7.1AI Score
0.006EPSS
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin...
7.3AI Score
0.03EPSS