CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory...

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory...

Gira KNX/IP-Router 跨站脚本漏洞

The Gira KNX/IP-Router is a secure router for public buildings from Gira. A security vulnerability exists in the Gira KNX/IP-Router versions 3.1.3683.0 and 3.3.8.0, which stems from the fact that the application will reflect the supplied paths without the associated HTML coding, making it...

CVE-2023-33277

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL...

CVE-2023-33404

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code...

CVE-2023-33405

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect...

BlogEngine 输入验证错误漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. A security vulnerability exists in BlogEngine 3.3.8.0 and earlier versions , which stems from vulnerability to open redirects...

CVE-2023-22857

A stored Cross-site Scripting XSS vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...

Cross site scripting

A stored Cross-site Scripting XSS vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post...

CVE-2023-22858 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs...

CVE-2023-22856 Stored cross-site scripting in BlogEngine.NET version 3.3.8.0

A stored Cross-site Scripting XSS vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...

PT-2023-18731 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: A stored Cross-site Scripting XSS issue allows the injection of arbitrary JavaScript in the security context of a blog visitor through the upload of a specially crafted file. Recommendations: For...

BlogEngine 跨站脚本漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploits this vulnerability to inject arbitrary JavaScript in the secure environment of a blog visitor by...

BlogEngine 安全漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes, and more. A security vulnerability exists in BlogEngine.NET version 3.3.8.0, which stems from incorrect access control. An attacker exploiting this vulnerability can access the files of unpublishe...

PT-2023-13982 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: The issue allows an attacker to create any folder with a files prefix under the /App Data/ directory. Recommendations: For BlogEngine.NET version 3.3.8.0, consider restricting access to the /App Dat...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

BlogEngine 跨站脚本漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. A cross-site scripting vulnerability exists in BlogEngine version v3.3.8.0, which was discovered to contain a cross-site scripting XSS vulnerability via the component...

PT-2022-23496 · Unknown · Blogengine

Name of the Vulnerable Software and Affected Versions: BlogEngine version 3.3.8.0 Description: A cross-site scripting XSS issue was found in the /blogengine/api/posts component, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Description field...