121 matches found
CVE-2019-16643
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the articleedit area...
CVE-2019-16643
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the articleedit area...
Cross site scripting
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the articleedit area...
CVE-2019-16643
CVE-2019-16643 affects ZrLog 2.1.1 with a stored XSS vulnerability in the article_edit area. Connected documents confirm the issue across multiple feeds (NVD, Red Hat, vendor/public listings). The available descriptions consistently describe a stored XSS condition, but there are no details here o...
CVE-2019-16643
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the articleedit area...
CVE-2018-17079
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area...
CVE-2018-17079
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area...
Cross site scripting
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area...
CVE-2018-17079
CVE-2018-17079 affects ZRLOG 2.0.1 and involves a stored XSS vulnerability in the nickname field of the comment area. The provided documents confirm the issue but do not provide any remediation steps within the supplied content. Exploitation status and in-the-wild details are not described in the...
CVE-2018-17079
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area...
ZrLog Cross-Site Scripting Vulnerability
ZrLog is a blogging system developed using the Java language. A cross-site scripting vulnerability exists in the file upload feature in ZrLog version 2.0.3. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML using a specially crafted attached/file/ pathname...
CVE-2018-17421
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname...
Cross site scripting
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname...
CVE-2018-17420
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter...
CVE-2018-17420
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter...
Sql injection
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter...
CVE-2018-17421
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname...
CVE-2018-17421
ZrLog 2.0.3 contains a stored XSS vulnerability in the file upload area, exploitable via a crafted attached/file/ pathname. This CVE (CVE-2018-17421) is supported by multiple references (e.g., CNVD-2019-13264 and NVD entry), and the vulnerability description explicitly states the stored XSS condi...
CVE-2018-17420
Summary: CVE-2018-17420 affects ZrLog 2.0.3 with a SQL injection in the article management search box via the keywords parameter. The vulnerability is demonstrated in the NVD entry (CVSS v3 base 7.2, HIGH; vectors: NETWORK/LOW for exploitability, requires HIGH privileges, no user interaction). Th...
CVE-2018-17421
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname...