124 matches found
CVE-2025-29280
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code...
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
CVE-2025-29280
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code...
CVE-2025-29280
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code...
PT-2025-16342 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: The issue allows regular users to exploit an arbitrary file upload vulnerability in the attach component, enabling them to upload arbitrary files and execute code within them. Recommendations: For...
PT-2025-16341 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A stored cross-site scripting vulnerability exists in the website name field of the backend system settings interface, allowing an attacker to insert and execute arbitrary malicious code. Recommendation...
CVE-2025-29281
CVE-2025-29281 affects PerfreeBlog 4.0.11, where an arbitrary file upload vulnerability in the attach component lets regular users upload files and execute code within them. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 8.8 (HIGH). Exploitation is descr...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source a java-based development of blog/CMS site building platform. A security vulnerability exists in PerfreeBlog version 4.0.11, which originates from a stored cross-site script in the site name field of the background system settings interface...
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
CVE-2025-29280
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source, a java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which originates from the presence of arbitrary file uploads in the attach component and could lead to the execution of arbitrary code...
CVE-2025-29280
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code...
CVE-2025-29280
CVE-2025-29280 is a stored cross-site scripting vulnerability in PerfreeBlog v4.0.11, occurring in the website name field of the backend system settings interface. The issue allows an attacker to insert and execute arbitrary malicious code. The CVSS 3.1 base metrics indicate a Medium severity (4....
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...
CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...
CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...
Design/Logic Flaw
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...
PerfreeBlog 代码问题漏洞
PerfreeBlog is a java-based blog/CMS builder. A security vulnerability exists in Perfree PerfreeBlog version v.3.1.2, which originates from a vulnerability that allows remote attackers to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...