Lucene search
K

39 matches found

CNNVD
CNNVD
added 2026/04/08 12:0 a.m.13 views

CI4MS 安全漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the improper storage and rendering of blacklist remark parameters into HTML attributes, potentially allowing...

4.8CVSS6.1AI score0.0023EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

CI4MS 授权问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained a vulnerability related to authorization issues, which allowed attackers to access sensitive system information...

7.2CVSS5.8AI score0.00471EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

CI4MS 安全漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the srcdoc attribute in Google Maps iframes not being filtered properly, which could allow attackers with administrator...

5.5CVSS5.9AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/06 12:19 p.m.2 views

CVE-2018-25200 OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php

OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...

6.9CVSS5.7AI score0.00155EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.9 views

CVE-2023-29636

Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...

5.4CVSS5.7AI score0.00414EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-33177

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00414EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-32733

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00416EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-32732

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00441EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/10 6:14 p.m.11 views

CVE-2012-10042

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...

8.7CVSS7.5AI score0.00906EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/08 6:12 p.m.4 views

CVE-2012-10042 Sflog! CMS 1.0 Arbitrary File Upload RCE

Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...

8.7CVSS7.7AI score0.00906EPSS
Exploits0References4
NVD
NVD
added 2023/05/01 4:15 p.m.13 views

CVE-2023-29636

Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...

5.4CVSS5.4AI score0.00414EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/01 12:0 a.m.5 views

PT-2023-22345

Name of the Vulnerable Software and Affected Versions ZHENFENG13 My-Blog affected versions not specified Description A cross site scripting XSS issue allows attackers to inject arbitrary web script or HTML via the title field in the "blog management" page due to the default configuration not usin...

5.4CVSS5.8AI score0.00414EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/05/01 12:0 a.m.9 views

CVE-2023-29636

Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...

5.4AI score0.00414EPSS
Exploits1References1
CVE
CVE
added 2023/05/01 12:0 a.m.48 views

CVE-2023-29636

CVE-2023-29636 is a cross-site scripting (XSS) vulnerability in ZHENFENG13 My-Blog. The root cause is that the title field on the blog management page is not sanitized with MyBlogUtils.cleanString, enabling arbitrary script/HTML injection. Reported details are corroborated by multiple sources (NV...

5.4CVSS5.3AI score0.00414EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2022/01/23 12:0 a.m.17 views

mysiteforme cross-site scripting vulnerability

Mysiteforme is a permission management system. mysiteforme suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...

5.4CVSS3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.17 views

mysiteforme Cross-Site Request Forgery Vulnerability

Mysiteforme is a permission management system. A cross-site request forgery vulnerability exists in mysiteforme, which stems from a lack of validation for cross-site request forgery in the backend blog administration. An attacker could use a forged malicious request to trick a victim into clickin...

6.5CVSS6.4AI score0.00416EPSS
Exploits1References1
NVD
NVD
added 2022/01/20 12:15 a.m.16 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

5.4CVSS0.00441EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/01/20 12:15 a.m.5 views

CVE-2021-46026

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

5.4CVSS5.9AI score0.00441EPSS
Exploits1References2
Prion
Prion
added 2022/01/20 12:15 a.m.16 views

Cross site scripting

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting XSS via the add blog tag function in the blog tag in the background blog management...

3.5CVSS5.2AI score0.00441EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/01/19 11:15 p.m.4 views

CVE-2021-46027

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added...

6.5CVSS5.8AI score0.00416EPSS
Exploits1References1
Rows per page
Query Builder