BlogEngine.NET 3.3.7.0 - Local File Inclusion

BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter id: CVE-2019-10717 info: name: BlogEngine.NET 3.3.7.0 - Local File Inclusion author: arafatansari severity: high description: | BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the pa...

BlogEngine CMS - Open Redirect

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect id: CVE-2023-33405 info: name: BlogEngine CMS - Open Redirect author: Shankar Acharya severity: medium description: | Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect impact: | Unauthenticated attackers can exploit...

EUVD-2022-39304

Malicious code in bioql PyPI...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

BlogEngine 代码问题漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments , custom themes and so on. A security vulnerability exists in BlogEngine.NET 3.3.8.0 and earlier versions, which stems from an unrestricted upload vulnerability that allows remote attackers to execute remote code...

PT-2023-24333 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: Blogengine.net versions 3.3.8.0 and earlier Description: The issue is related to an Open Redirect. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...

BlogEngine 输入验证错误漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. A security vulnerability exists in BlogEngine 3.3.8.0 and earlier versions , which stems from vulnerability to open redirects...

PT-2023-18733 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: An Improper Access Control issue allows unauthenticated visitors to access the files of unpublished blogs. Recommendations: For BlogEngine.NET version 3.3.8.0, at the moment, there is no information...

BlogEngine 跨站脚本漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploited the vulnerability to inject arbitrary JavaScript into a blog visitor's secure environment by...

BlogEngine 跨站脚本漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. A security vulnerability exists in BlogEngine.NET version 3.3.8.0. An attacker exploits this vulnerability to inject arbitrary JavaScript in the secure environment of a blog visitor by...

BlogEngine 安全漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes, and more. A security vulnerability exists in BlogEngine.NET version 3.3.8.0, which stems from incorrect access control. An attacker exploiting this vulnerability can access the files of unpublishe...

PT-2023-13982 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: The issue allows an attacker to create any folder with a files prefix under the /App Data/ directory. Recommendations: For BlogEngine.NET version 3.3.8.0, consider restricting access to the /App Dat...

CVE-2022-41418

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

BlogEngine 路径遍历漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and more. BlogEngine v3.3.8.0 version of a security vulnerability , the vulnerability stems from its BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs component allows an attacker to upload...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

Cross site scripting

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

CVE-2022-36600

CVE-2022-36600 affects BlogEngine v3.3.8.0, with a cross-site scripting (XSS) vulnerability in the /blogengine/api/posts component. The issue allows injection of arbitrary web scripts/HTML via the Description field. Documents from NVD, OSV, CNNVD and others confirm the vulnerable product/version ...

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...