141 matches found
CVE-2024-29472
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module...
CVE-2024-29473
OneBlog v2.3.4 contains a stored cross-site scripting (XSS) vulnerability in the Role Management module. The issue stems from insufficient input filtering/escaping of user-supplied data, enabling attacker-supplied scripts to be stored and executed in the victim’s browser. CVSS data indicates low ...
CVE-2024-29470
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component rootpath/links...
CVE-2024-29471
CVE-2024-29471 concerns OneBlog v2.3.4, which has a stored cross-site scripting (XSS) vulnerability in the Notice Manage module. The NVD entry lists a CVSSv3.1 base score of 5.4 (Medium) with network attack, low complexity, required user interaction, and scope changed. Multiple connected sources ...
OneBlog security vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the User Management module, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a...
PT-2024-22920 · Oneblog · Oneblog
Name of the Vulnerable Software and Affected Versions: OneBlog version 2.3.4. Description: A stored cross-site scripting (XSS) issue was found in the User Management module. This allows for malicious scripts to be stored and executed on the site. Recommendations: For OneBlog version 2.3.4, update to...
PT-2024-22919 · Oneblog · Oneblog
Name of the Vulnerable Software and Affected Versions: OneBlog version 2.3.4. Description: A stored cross-site scripting (XSS) issue was found in the Role Management module. This allows for malicious scripts to be stored and executed on the site. Recommendations: For OneBlog version 2.3.4, as a...
CVE-2024-29471
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module...
CVE-2024-29469
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module...
CVE-2024-29469
CVE-2024-29469 involves a stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4. The issue stems from the Lab module’s Category List parameter, where user-supplied data is not properly filtered/escaped, allowing attackers to inject and execute arbitrary web scripts or HTML in the cont...
OneBlog security vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the Category List parameter under the Lab module; an attacker can exploit the vulnerability by injecting a...
OneBlog security vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...
OneBlog security vulnerability
OneBlog is a beautiful and powerful Java blog. A security vulnerability exists in OneBlog v2.3.4, which stems from a stored cross-site scripting (XSS) vulnerability in the Notice Manage module...
CVE-2024-29472
OneBlog v2.3.4 contains a stored cross-site scripting (XSS) vulnerability in the Privilege Management module. The CVE-2024-29472 entry indicates a network-exposed, low-privilege XSS with user interaction required, resulting in partial confidentiality/integrity impact and no availability impact. T...
CVE-2024-29473
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module...
CVE-2024-29474
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module...
PT-2024-22917 · Oneblog · Oneblog
Name of the Vulnerable Software and Affected Versions: OneBlog version 2.3.4. Description: A stored cross-site scripting (XSS) issue was found in the Notice Manage module. This allows for malicious scripts to be stored and executed on the site, potentially leading to unauthorized actions or data...
CVE-2024-29474
OneBlog v2.3.4 contains a stored cross-site scripting (XSS) vulnerability in the User Management module. The root cause is a lack of proper filtering/escaping of user-supplied data, enabling arbitrary web script or HTML execution. Affected version: OneBlog 2.3.4. Documents do not provide exploita...
CVE-2024-29470
OneBlog v2.3.4 is affected by a stored XSS vulnerability in the component path {{rootpath}}/links, caused by insufficient filtering/escaping of user input. Impact described across sources: an attacker could inject and execute arbitrary web script/HTML in a victim’s browser. No explicit patch/vers...