37 matches found
CVE-2022-40035
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component...
CVE-2022-40036
CVE-2022-40036 affects Rawchen blog-ssm v1.0. The vulnerability is a permission-check bypass in the /adminGetUserList component that can lead to leakage of sensitive user information. Root cause: inadequate authorization checks allow an attacker with network access to obtain user data; no exploit...
CVE-2022-40037
CVE-2022-40037 affects Rawchen blog-ssm v1.0. An issue in the /upFile component allows a remote attacker to escalate privileges and execute arbitrary commands. The vulnerability is described across multiple sources (NVD/Red Hat/CVE listing) as a remote, unauthenticated issue with high impact (Con...
CVE-2022-40036
An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component...
CVE-2022-40037
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...
CVE-2022-40037
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile...
CVE-2022-40036
An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component...
PT-2023-13745 · Unknown · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0 Description: An issue in Rawchen blog-ssm allows a remote attacker to escalate privileges and execute arbitrary commands via the component "/upFile". Recommendations: For Rawchen blog-ssm version 1.0, consider...
PT-2023-13744 · Rawchen · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0 Description: An issue was discovered that allows an attacker to obtain sensitive user information by bypassing permission checks via the "adminGetUserList" component, specifically through the "/adminGetUserList" A...
CVE-2022-40034
Cross-Site Scripting XSS vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...
CVE-2022-40034
Cross-Site Scripting XSS vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...
Cross site scripting
Cross-Site Scripting XSS vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...
CVE-2022-40034
CVE-2022-40034 is an XSS vulnerability affecting Rawchen blog-ssm v1.0. The issue allows an attacker to execute arbitrary code via the notifyInfo parameter. Public sources consistently describe the vulnerability as XSS in Rawchen blog-ssm v1.0; the root cause is indicated as improper handling of ...
CVE-2022-40034
Cross-Site Scripting XSS vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...
Rawchen blog-ssm cross-site scripting vulnerability
blog-ssm is a JavaWeb-based blog project by the individual developer Rawchen in China. A security vulnerability exists in Rawchen blog-ssm v1.0, which stems from a cross-site scripting XSS vulnerability that can be exploited by an attacker to execute arbitrary code via the notifyInfo parameter...
CVE-2022-40034
Cross-Site Scripting XSS vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter...
PT-2023-13742 · Rawchen · Rawchen Blog-Ssm
Name of the Vulnerable Software and Affected Versions: Rawchen blog-ssm version 1.0 Description: A Cross-Site Scripting XSS issue allows attackers to execute arbitrary code via the notifyInfo parameter. This enables attackers to inject malicious scripts into websites, potentially leading to...