CVE-2025-5510

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5509

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...

CVE-2025-5513

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5513

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5513 quequnlong shiyi-blog add cross site scripting

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5513

CVE-2025-5513 affects quequnlong shiyi-blog up to version 1.2.1. The vulnerability concerns an unknown function at /dev-api/api/comment/add where manipulating the content argument enables cross-site scripting. Attacks can be launched remotely, and the exploit has been disclosed publicly; vendor r...

CVE-2025-5513 quequnlong shiyi-blog add cross site scripting

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5511

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-5510

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5511

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-5512

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the atta...

CVE-2025-5510

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5512

Summary (CVE-2025-5512) : quequnlong shiyi-blog, up to version 1.2.1, has an improper authentication flaw in the Administrator Backend at /api/sys/user/verifyPassword/. The vulnerability affects the Administrator Backend component and can be exploited remotely; multiple sources (NVD/NVD mirror, R...

CVE-2025-5512 quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the atta...

CVE-2025-5512 quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the atta...

CVE-2025-5511 quequnlong shiyi-blog photos improper authorization

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-5511 quequnlong shiyi-blog photos improper authorization

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-5511

CVE-2025-5511 affects quequnlong shiyi-blog up to 1.2.1. The vulnerability stems from improper authorization in handling the /dev api/app/album/photos/ endpoint, potentially enabling remote abuse. Public exploit information exists. No official patch details are provided in the supplied documents;...

CVE-2025-5510 quequnlong shiyi-blog optimize server-side request forgery

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5510

CVE-2025-5510 affects quequnlong shiyi-blog (versions up to 1.2.1). The issue is a server-side request forgery in unknown code at /app/sys/article/optimize triggered by manipulating the url parameter. Exploitation is remote and has been disclosed publicly; vendor did not respond. Remediation guid...