7703 matches found

RedhatCVE
added 2025/05/22 3:18 p.m. | 6 views

CVE-2020-21180

SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page...

9.8 CVSS | 7.9 AI score | 0.01345 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 3:16 p.m. | 9 views

CVE-2020-18194

Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post...

6.1 CVSS | 6.7 AI score | 0.01524 EPSS
Exploits 1

GithubExploit
added 2025/05/22 10:36 a.m. | 167 views

Exploit for CVE-2025-37899

This is the artefact repository associated with my blog post Ho...

6.8 AI score | 0.00356 EPSS
Exploits 2

RedhatCVE
added 2025/05/22 8:50 a.m. | 4 views

CVE-2019-7587

Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...

9.8 CVSS | 8.2 AI score | 0.01505 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 8:13 a.m. | 19 views

CVE-2019-16661

Ogma CMS 0.5 has XSS via creation of a new blog...

5.4 CVSS | 5.9 AI score | 0.00586 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:33 a.m. | 2 views

CVE-2017-15539

SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php...

9.8 CVSS | 8.2 AI score | 0.01161 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 6:43 a.m. | 6 views

CVE-2017-17949

Cells Blog 3.5 has XSS via the pubreadpost.php fmid parameter...

6.1 CVSS | 5.9 AI score | 0.00652 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 6:25 a.m. | 5 views

CVE-2017-17948

Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request...

6.1 CVSS | 5.9 AI score | 0.00652 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 6:7 a.m. | 4 views

CVE-2017-14346

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...

9.8 CVSS | 9.9 AI score | 0.02096 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 5:24 a.m. | 3 views

CVE-2017-1000467

LavaLite version 5.2.4 is vulnerable to a stored cross-site scripting vulnerability within the blog creation page, which can result in disruption of service and execution of JavaScript code...

5.4 CVSS | 6.3 AI score | 0.00734 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:21 a.m. | 8 views

CVE-2019-6034

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...

6.1 CVSS | 7 AI score | 0.00655 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:21 a.m. | 9 views

CVE-2019-6033

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1 CVSS | 6.4 AI score | 0.00781 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 5:11 a.m. | 3 views

CVE-2019-3494

Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter...

7.5 CVSS | 8.3 AI score | 0.01048 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 4:11 a.m. | 6 views

CVE-2010-3030

Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password. NOTE: the provenance of this information is unknown; the details are...

6.8 CVSS | 7.4 AI score | 0.00829 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 3:53 a.m. | 6 views

CVE-2012-6105

blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed...

5 CVSS | 6.4 AI score | 0.014 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 2:56 a.m. | 6 views

CVE-2012-1227

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a...

6.8 CVSS | 7.6 AI score | 0.0069 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 1:50 a.m. | 6 views

CVE-2017-17950

Cells Blog 3.5 has SQL Injection via the pubreadpost.php ptid parameter...

8.8 CVSS | 8.3 AI score | 0.00961 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 1:35 a.m. | 5 views

CVE-2017-14345

SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php...

9.8 CVSS | 8.2 AI score | 0.01097 EPSS
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 1:32 a.m. | 5 views

CVE-2017-20060

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

5.4 CVSS | 6.1 AI score | 0.00474 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 1:8 a.m. | 3 views

CVE-2017-1000463

Leafpub version 1.2.0-beta6 is vulnerable to a stored cross-site scripting vulnerability within the edit blog post page, which can result in disruption of service and execution of JavaScript code...

5.4 CVSS | 6.1 AI score | 0.00719 EPSS
Exploits 0 | References 1