BlogEngine.NET 3.3.7.0 - Local File Inclusion

BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter id: CVE-2019-10717 info: name: BlogEngine.NET 3.3.7.0 - Local File Inclusion author: arafatansari severity: high description: | BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the pa...

BlogEngine CMS - Open Redirect

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect id: CVE-2023-33405 info: name: BlogEngine CMS - Open Redirect author: Shankar Acharya severity: medium description: | Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect impact: | Unauthenticated attackers can exploit...

EUVD-2022-39304

Malicious code in bioql PyPI...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

BlogEngine 代码问题漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments , custom themes and so on. A security vulnerability exists in BlogEngine.NET 3.3.8.0 and earlier versions, which stems from an unrestricted upload vulnerability that allows remote attackers to execute remote code...

BlogEngine 输入验证错误漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. A security vulnerability exists in BlogEngine 3.3.8.0 and earlier versions , which stems from vulnerability to open redirects...

PT-2023-24333 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: Blogengine.net versions 3.3.8.0 and earlier Description: The issue is related to an Open Redirect. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...

PT-2023-18733 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: An Improper Access Control issue allows unauthenticated visitors to access the files of unpublished blogs. Recommendations: For BlogEngine.NET version 3.3.8.0, at the moment, there is no information...

BlogEngine 跨站脚本漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploited the vulnerability to inject arbitrary JavaScript into a blog visitor's secure environment by...

BlogEngine 安全漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes, and more. A security vulnerability exists in BlogEngine.NET version 3.3.8.0, which stems from incorrect access control. An attacker exploiting this vulnerability can access the files of unpublishe...

BlogEngine 跨站脚本漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploits this vulnerability to inject arbitrary JavaScript in the secure environment of a blog visitor by...

PT-2023-13982 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: The issue allows an attacker to create any folder with a files prefix under the /App Data/ directory. Recommendations: For BlogEngine.NET version 3.3.8.0, consider restricting access to the /App Dat...

BlogEngine 路径遍历漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. BlogEngine v3.3.8.0 version of a security vulnerability , the vulnerability stems from its BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs component allows an attacker to upload...

CVE-2022-41418

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

Cross site scripting

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

CVE-2022-36600 affects BlogEngine v3.3.8.0, with a cross-site scripting (XSS) vulnerability in the /blogengine/api/posts component. The issue allows injection of arbitrary web scripts/HTML via the Description field. Documents from NVD, OSV, CNNVD and others confirm the vulnerable product/version ...