66 matches found
ForestBlog Code Issue Vulnerability
ForestBlog is a personal blog application. An arbitrary file upload vulnerability exists in ForestBlog 20220630 and earlier versions, which stems from a lack of effective validation of the uploaded file via the filename parameter in /admin/upload/img. An attacker can exploit this...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
Default credentials
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
ForestBlog Cross-Site Scripting Vulnerability
ForestBlog is a personal blog application. A security vulnerability exists in ForestBlog that allows admin/profile/save userAvatar XSS during the addition of a user avatar...
CVE-2022-29020
ForestBlog exposes a stored XSS in the admin/profile/save userAvatar flow when adding a user avatar (up to 2022-02-16). The NVD entry lists CVSS v2 base 4.3 (MEDIUM) and CVSS v3.1 base 6.1 (MEDIUM) with network attack vector, user interaction required, and partial information disclosure/integrity...
CVE-2022-29020
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar...
ForestBlog Cross-Site Scripting Vulnerability
ForestBlog is a personal blog application. ForestBlog suffers from a cross-site scripting vulnerability that stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...
CVE-2021-46034
A problem was found in ForestBlog: as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box...
Cross site scripting
A problem was found in ForestBlog: as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box...
CVE-2021-46033
In ForestBlog, as of 2021-12-28, file upload can bypass verification...
Design/Logic Flaw
In ForestBlog, as of 2021-12-28, file upload can bypass verification...
CVE-2021-46034
A problem was found in ForestBlog: as of 2021-12-29, there is an XSS vulnerability that can be injected through the nickname input box...
CVE-2021-46034
ForestBlog is affected by a cross-site scripting (XSS) vulnerability exploitable via the nickname input box. The issue stems from insufficient validation of client-side data, allowing injected JavaScript to execute in the victim’s browser. Public references describe the vulnerability across multi...
CVE-2021-46033
In ForestBlog, as of 2021-12-28, file upload can bypass verification...
CVE-2021-46033
CVE-2021-46033 (ForestBlog): Multiple sources confirm a vulnerability where file uploads bypass verification/authentication. The primary description states that, as of 2021-12-28, the file upload mechanism can bypass verification. Related entries describe the issue as a bypass of authentication ...
ForestBlog Code Issue Vulnerability
ForestBlog is a personal blog application. A security vulnerability exists in ForestBlog that stems from a security issue where file uploads bypass authentication...
ForestBlog Cross-Site Scripting Vulnerability
ForestBlog is a personal blog application. ForestBlog suffers from a cross-site scripting vulnerability that stems from the web application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...
CVE-2020-18964
Cross-Site Request Forgery (CSRF) vulnerability in the latest version of ForestBlog via the website management background, which could let a remote malicious user gain privileges...