163 matches found
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 Zero has a stored XSS Vulnerability in zbsystem/function/csystemadmin.php via the Content-Type header during the uploading of image attachments...
CVE-2018-18381
Z-BlogPHP 1.5.2.1935 (Zero) is affected by a stored XSS in zb_system/function/c_system_admin.php, exploitable via the Content-Type header during image attachment uploads. Affected component is the server-side upload handling in zb_system/function/c_system_admin.php; the issue allows injection of ...
Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-21484)
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in the zbsystem/function/csystemadmin.php file in Z-BlogPHP version 1.5.2.1935 Zero. When uploading an image attachment, a remote attacker can exploit this...
Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-09795)
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in Z-BlogPHP version 2.0.0. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the 'copyright notice' field...
Z-BlogPHP Security Bypass Vulnerability
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 2.0.0. An attacker can exploit the vulnerability to bypass access restrictions...
CVE-2018-11209
An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...
CVE-2018-11208
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...
CVE-2018-11208
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...
Design/Logic Flaw
DISPUTED An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid...
CVE-2018-11209
An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...
CVE-2018-11209
Z-BlogPHP 2.0.0 is affected by a vulnerability in zb_system/cmd.php?act=verify that uses MD5 for the password parameter. The underlying issue is a weak hash allowing potential bypass of access restrictions via dictionary or rainbow-table attacks. Affected component: zb_system/cmd.php (act=verify)...
CVE-2018-11208
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...
CVE-2018-11208
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...
CVE-2018-11208
Z-BlogPHP 2.0.0 is affected by a persistent XSS in the background site settings via the "copyright information office" field. The issue allows remote injection of arbitrary web script/HTML; vendor notes this XSS may not be blocked for admin users. Connected sources (CNVD/NVD) confirm the affected...
CVE-2018-11209
An issue was discovered in Z-BlogPHP 2.0.0. zbsystem/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue...
PT-2018-10398 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 2.0.0 Description: An issue allows remote attackers to inject arbitrary web script or HTML into background web site settings via the copyright information office field. This is a persistent XSS issue. The vendor indicates th...
PT-2018-10399 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 2.0.0 Description: An issue was discovered where the zb system/cmd.php API endpoint, specifically the act=verify action, relies on MD5 for the password parameter. This could potentially make it easier for attackers to bypass...
CVE-2018-10680
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance, noting ...
Cross site scripting
DISPUTED Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance...