141 matches found
CVE-2025-2835
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
CVE-2025-2833
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2835
The CVE-2025-2835 entry concerns zhangyd-c OneBlog up to version 2.3.9. The vulnerable item is the autoLink function in com/zyd/blog/controller/RestApiController.java, where manipulation can trigger server-side request forgery (SSRF). The issue allows remote exploitation, and public disclosures e...
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2833
The CVE-2025-2833 entry concerns zhangyd-c OneBlog (≤2.3.9), where the HTTP Header Handler’s handling of X-Forwarded-For allows an attack via inefficient regular expression complexity (a ReDoS-like issue). A remote attacker could exploit this vulnerability; exploitation details are present in con...
OneBlog Code Issue Vulnerability
OneBlog is a beautiful and powerful Java blog by the individual developer yadong.zhang. A security vulnerability exists in OneBlog 2.3.9 and earlier versions, which stems from an incorrect operation of the autoLink function that can lead to server-side request forgery...
OneBlog Security Vulnerability
OneBlog is a beautiful and powerful Java blog by the individual developer yadong.zhang. A security vulnerability exists in OneBlog 2.3.9 and earlier versions, which stems from a mishandling of the X-Forwarded-For parameter that can lead to inefficient regular expression complexity...
OneBlog Template Injection Vulnerability
OneBlog is a Java blog. OneBlog suffers from a template injection vulnerability, no details of the vulnerability are provided at this time...
CVE-2024-54954
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department...
CVE-2024-54954
OneBlog v2.3.6 is affected by a template injection vulnerability in the template management area (CVE-2024-54954). Affected product/component: OneBlog, version 2.3.6. Root cause details are not fully disclosed in the provided documents, but the vulnerability is described as template injection. Im...
OneBlog Lab Module Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the Category List parameter of the Lab module; an attacker can exploit the vulnerability by injecting a...
OneBlog User Management Module Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the User Management module, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a...