3 matches found
ZrLog Cross-Site Scripting Vulnerability (CNVD-2023-54438)
ZrLog is a blogging system developed using the Java language. A cross-site scripting XSS vulnerability exists in ZrLog version 2.1.3. An attacker can exploit this vulnerability to execute arbitrary code via the nickname parameter of the /post/addComment function...
ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-43499)
ZrLog is a blogging system developed using the Java language. A security vulnerability exists in ZrLog 2.1.3, which can be exploited by remote attackers to inject arbitrary web scripts and stolen administrator cookies via the nickname parameter and gain access to the admin panel...
SQL Injection Vulnerability in ZrLog
ZrLog is a blogging program developed using Java. ZrLog suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...