Lucene search
+L

121 matches found

cnvd
cnvd
added 2021/06/16 12:0 a.m.14 views

ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-43499)

ZrLog is a blogging system developed using the Java language. A security vulnerability exists in ZrLog 2.1.3, which can be exploited by remote attackers to inject arbitrary web scripts and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

6.1CVSS7.1AI score0.01121EPSS
Exploits0References1
nvd
nvd
added 2021/06/15 8:15 p.m.13 views

CVE-2020-21316

A Cross-site scripting XSS vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

6.1CVSS0.01121EPSS
Exploits0References3
osv
osv
added 2021/06/15 8:15 p.m.12 views

CVE-2020-21316

A Cross-site scripting XSS vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

6.1CVSS6.1AI score
Exploits0References3
prion
prion
added 2021/06/15 8:15 p.m.24 views

Cross site scripting

A Cross-site scripting XSS vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

4.3CVSS6.2AI score0.01121EPSS
Exploits0References3Affected Software1
cve
cve
added 2021/06/15 5:15 p.m.60 views

CVE-2020-21316

CVE-2020-21316 describes an XSS vulnerability in ZrLog 2.1.3’s comment section. The issue allows remote attackers to inject arbitrary scripts via the nickname parameter and potentially steal administrator cookies, gaining access to the admin panel. Affected component: ZrLog 2.1.3; vulnerability t...

6.1CVSS6.1AI score0.01121EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2021/06/15 5:15 p.m.15 views

CVE-2020-21316

A Cross-site scripting XSS vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

6.2AI score0.01121EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/06/15 12:0 a.m.7 views

ZrLog 跨站脚本漏洞

ZrLog is a blogging system developed using the Java language. A security vulnerability exists in ZrLog 2.1.3, which can be exploited by remote attackers to inject arbitrary web scripts and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

6.1CVSS5.9AI score0.01121EPSS
Exploits0References3
cnvd
cnvd
added 2020/10/16 12:0 a.m.2 views

Arbitrary File Deletion Vulnerability in ZrLog CMS

ZrLog is a blogging program developed using Java. ZrLog CMS suffers from an arbitrary file deletion vulnerability that can be exploited by an attacker to compromise the integrity of the system...

7AI score
Exploits0
cnvd
cnvd
added 2020/08/26 12:0 a.m.5 views

zrlog privilege checking vulnerability

ZrLog is a blog/CMS program developed in Java that is minimalist, easy to use, componentized, and has a low memory footprint. A privilege check vulnerability exists in zrlog 2.1.0. An attacker can log in with an administrator account and then use another unauthenticated user to download a databas...

5.7CVSS6.9AI score0.00734EPSS
Exploits0References1
nvd
nvd
added 2020/08/25 10:15 p.m.13 views

CVE-2020-19005

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...

5.7CVSS5.6AI score0.00734EPSS
Exploits0References2
osv
osv
added 2020/08/25 10:15 p.m.13 views

CVE-2020-19005

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...

5.7CVSS6.8AI score
Exploits0References2
prion
prion
added 2020/08/25 10:15 p.m.12 views

Design/Logic Flaw

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...

3.5CVSS5.6AI score0.00734EPSS
Exploits0References2Affected Software1
cve
cve
added 2020/08/25 9:46 p.m.52 views

CVE-2020-19005

Summary: The issue CVE-2020-19005 affects zrlog v2.1.0 and stems from a faulty permission check that allows an admin session to enable other, unauthorized users to directly download the database backup file. Affected software: zrlog 2.1.0 (Java-based blog/CMS). Vulnerability details: Permission v...

5.7CVSS5.5AI score0.00734EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/08/25 9:46 p.m.18 views

CVE-2020-19005

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...

5.6AI score0.00734EPSS
Exploits0References2
cnvd
cnvd
added 2020/05/31 12:0 a.m.1 views

ZrLog is vulnerable to XSS

ZrLog is a blog/CMS program developed in Java. ZrLog suffers from an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

6AI score
Exploits0
cnvd
cnvd
added 2020/05/26 12:0 a.m.1 views

SQL Injection Vulnerability in ZrLog

ZrLog is a blogging program developed using Java. ZrLog suffers from a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
cnvd
cnvd
added 2020/05/26 12:0 a.m.3 views

Stored Cross-Site Scripting Vulnerability in ZrLog

ZrLog is a blogging program developed using Java. A stored cross-site scripting vulnerability exists in ZrLog. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...

5.9AI score
Exploits0
cnvd
cnvd
added 2020/02/25 12:0 a.m.2 views

Arbitrary File Download Vulnerability in ZrLog V2.1.1

ZrLog is a blogging program developed using Java. ZrLog V2.1.1 suffers from an arbitrary file download vulnerability, which can be exploited by an attacker to download any file on the server via a constructed path...

7AI score
Exploits0
cnvd
cnvd
added 2019/11/28 12:0 a.m.1 views

Command Execution Vulnerability in ZrLog CMS

ZrLog is a blog/CMS program developed in Java , with simple , easy to use , componentized , low memory consumption and so on. ZrLog CMS has a command execution vulnerability that can be exploited by attackers to execute arbitrary commands...

7.8AI score
Exploits0
cnvd
cnvd
added 2019/11/26 12:0 a.m.3 views

Stored Cross-Site Scripting Vulnerability in ZrLog Frontend

ZrLog is a blog/CMS program developed in Java. A stored cross-site scripting vulnerability exists in the ZrLog frontend. An attacker can insert malicious js code into a page to obtain user cookies and other information, leading to user hijacking...

6.3AI score
Exploits0
Rows per page
Query Builder