7703 matches found
CVE-2025-8739
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8740 zhenfeng13 My-Blog Category save cross site scripting
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting. It is possible to...
CVE-2025-8740
CVE-2025-8740 affects zhenfeng13 My-Blog up to version 1.0.0. The vulnerability is a cross-site scripting issue in an unknown function of the Category Handler for the file path /admin/categories/save, triggered by manipulating the argument categoryName. It allows remote exploitation and the exploit has be...
CVE-2025-8739 zhenfeng13 My-Blog save cross-site request forgery
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has...
CVE-2025-8739
The CVE-2025-8739 issue affects zhenfeng13 My-Blog up to version 1.0.0. The vulnerability resides in the /admin/tags/save processing where manipulating the tagName parameter enables cross-site request forgery (CSRF). Impact is described as CSRF without details on confidentiality or integrity beyo...
CVE-2012-10042 Sflog! CMS 1.0 Arbitrary File Upload RCE
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...
CVE-2012-10042
CVE-2012-10042 affects Sflog! CMS 1.0 via an authenticated file-upload vulnerability in the blog management interface (manage.php). With default credentials (admin:secret), authenticated users can upload files to blogs/download/uploads/, where the upload validation is insufficient, enabling a PHP...
BIT-OPENCART-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
PT-2025-32411 · Myblog · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions up to 1.0.0 Description: A cross-site request forgery issue exists due to the manipulation of the tagName argument in the processing of the /admin/tags/save API endpoint. The attack can be initiated remotely. The...
My-Blog Code Injection Vulnerability
My-Blog is a Java blog system built by the individual developer ZHENFENG13 with Spring Boot, MyBatis, Thymeleaf and other technologies; it has an attractive interface, is full-featured, easy to deploy and has polished code. A code injection vulnerability exists in My-Blog 1.0.0 and earlier versions, which stems from...
My-Blog Security Vulnerability
My-Blog is a Java blog system built by the individual developer ZHENFENG13 with Spring Boot, MyBatis, Thymeleaf and other technologies; it has an attractive interface, is full-featured, easy to deploy and has polished code. A security vulnerability exists in My-Blog 1.0.0 and earlier versions, which stems from a cross-si...
PT-2025-32412 · Zhenfeng13 · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions up to 1.0.0 Description: A cross-site scripting issue exists in zhenfeng13 My-Blog up to version 1.0.0. The issue is related to the manipulation of the categoryName argument within an unknown function of the...
Cross-site Scripting (XSS)
Mezzanine CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improper input sanitization: user-supplied input in the /blog/blogpost/add component is not filtered, allowing injection of malicious scripts into blog posts...
That Time Tom Lehrer Pranked the NSA
Bluesky thread. Here's the paper, from 1957. Note reference 3...
Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting (XSS) via component /blog/blogpost/add; Date: 23/07/2025; Exploit Author: Kevin Dicks; Vendor Homepage: https://github.com/stephenmcd/mezzanine; Software Link: https://github.com/stephenmcd/mezzanine; Version: 6.1.0; Category: Web Application...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
Cross-site Scripting (XSS)
Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog editor process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious scripts into blog content...