64 matches found
CVE-2024-30420
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain...
CVE-2020-35240
FluxBB 1.5.11 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content"; each time any user visits the blog, the XSS triggers and the attacker is able to steal the cookie according to the...
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-36560
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request...
Cloning Content to Linode Object Storage with RClone
...
CVE-2024-39313 toy-blog Improper Input Validation vulnerability
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known workaroun...
PT-2024-21927 · Webasyst · Webasyst
Name of the Vulnerable Software and Affected Versions: Webasyst version 2.9.9 Description: The issue allows attackers to create blogs containing malicious code after gaining blog permissions, which can lead to a Cross-Site Scripting (XSS) attack. Recommendations: For Webasyst version 2.9.9, conside...
CVE-2024-25610
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
a-blog cms security breach
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions Ver.3.1.0 through Ver.3.1.8, which stems from the presence of a URL spoofing vulnerability that could force a product administrator to visit an arbitrary website when clicking on a link ...
CVE-2024-23782
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
CVE-2024-23182
Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticate...
CVE-2024-23180
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...
a-blog cms security breach
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code by uploading a specially crafted SVG file. The following versions are affected: version 3.1.x to version 3.1...
a-blog cms security breach
a-blog cms is a Japanese content management system (CMS). A security vulnerability exists in a-blog cms versions before Ver.3.1.7, before Ver.3.0.29, before Ver.2.11.58, and before Ver.2.10.50, which can be exploited by an attacker to execute arbitrary code by uploading a specially crafted SVG file...
Company Website CMS code issue vulnerability
Company Website CMS is a company website/CMS by Torrahclef Individual Developer. Company Website CMS suffers from a code issue vulnerability that stems from an unrestricted upload due to the manipulation of the parameter ufile in an unknown portion of code in its add blog content component...
CVE-2021-41432
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content...
FlatPress cross-site scripting vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A cross-site scripting vulnerability exists in FlatPress version 1.2.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript commands via blog content...
CVE-2022-23810
Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to...