12 matches found
EUVD-2018-8605
Malware in sbrugna...
EUVD-2018-8100
Malware in sbrugna...
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
b3log Solo Cross-Site Scripting Vulnerability
b3log Solo is an open source blogging system. A cross-site scripting vulnerability exists in the input page under the Publish Articles menu in b3log Solo version 2.9.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit thi...
CVE-2018-16248
CVE-2018-16248 affects b3log Solo 2.9.3. An XSS flaw exists in the Input page under the “Publish Articles” menu, where the articleTags field stored in the tag JSON enables an admin-authenticated HTTP request to inject arbitrary scripts via a crafted site name. The vulnerability is caused by insuf...
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
Design/Logic Flaw
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...
CVE-2018-16805
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...
CVE-2018-16805
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...
CVE-2018-16805
In CVE-2018-16805, the affected software is b3log Solo 2.9.3. The vulnerability is a cross-site scripting (XSS) flaw on the Input page under Publish Articles, where an ID named linkAddress stored in the link JSON field can be exploited to inject arbitrary Web scripts or HTML via a crafted site na...
CVE-2018-16805
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...
B3log Solo: view any user's password - vulnerability warning - the black bar safety net
A B3log Solo back-end interactive interface without reasonable permission verification lets you view any user's information, including plaintext passwords. The current latest official Release 0.5.5 is affected by this vulnerability, and all the platform's users are exposed to a leak of the password of the...