11 matches found
Cross-site Scripting (XSS)
Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient escaping on the Blog Name value. An attacker can manipulate the output and execute arbitrary JavaScript by...
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name...
Cross site scripting
panel/login in Kirby v2.5.12 allows XSS via a blog name...
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name...
CVE-2018-16628
panel/login in Kirby v2.5.12 allows XSS via a blog name...
CVE-2018-10680
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting ...
PT-2018-10049 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.2. Description: The issue allows an administrator to inject a Cross Site Scripting (XSS) payload via the ZC_BLOG_NAME parameter in the "Web site settings -- Basic setting -- Website title" section, accessible through the zb...
CVE-2009-4907
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog...
CVE-2004-1865
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through...
[Full-Disclosure] Code Injection Vulnerability in pLog
I believe I have discovered a vulnerability in the open source blog software known as pLog. Register.php doesn't seem to check for script tags in the username or blog name fields in the account sign up form. This allows injection of potentially malicious code into the page. Since the names of blo...
bblog 0.7.2 cross site scripting
Introduction: Bblog, a blogging system scripted in PHP, does not perform sufficient filtering when submitting a blog name. The severity of this flaw, however, is low, as the required privilege to access the administration panel for bblog is superuser. The problem: The flaw lies in...