Lucene search
K

220 matches found

Cvelist
Cvelist
added 2018/05/16 3:0 p.m.22 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

5AI score0.00891EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2018/05/16 3:0 p.m.14 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

5.8AI score0.00891EPSS
Exploits1References2
CVE
CVE
added 2018/05/16 3:0 p.m.53 views

CVE-2018-11209

Z-BlogPHP 2.0.0 is affected by a vulnerability in zb_system/cmd.php?act=verify that uses MD5 for the password parameter. The underlying issue is a weak hash allowing potential bypass of access restrictions via dictionary or rainbow-table attacks. Affected component: zb_system/cmd.php (act=verify)...

7.2CVSS7AI score0.0102EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2018/05/16 12:0 a.m.12 views

PT-2018-10399 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 2.0.0 Description: An issue was discovered where the zb system/cmd.php API endpoint, specifically the act=verify action, relies on MD5 for the password parameter. This could potentially make it easier for attackers to bypass...

7.2CVSS7.1AI score0.0102EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2018/05/16 12:0 a.m.7 views

PT-2018-10398 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 2.0.0 Description: An issue allows remote attackers to inject arbitrary web script or HTML into background web site settings via the copyright information office field. This is a persistent XSS issue. The vendor indicates th...

4.8CVSS6AI score0.00891EPSS
Exploits1References4
NVD
NVD
added 2018/05/02 7:29 p.m.16 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance, noting ...

6.1CVSS6AI score0.00894EPSS
Exploits1References2
Prion
Prion
added 2018/05/02 7:29 p.m.20 views

Cross site scripting

DISPUTED Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance...

4.3CVSS5.8AI score0.00894EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/05/02 7:29 p.m.3 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance, noting ...

6.1CVSS5.6AI score0.00894EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/05/02 7:0 p.m.17 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zbsystem/cmd.php ZCBLOGNAME parameter. NOTE: the vendor disputes the security relevance, noting ...

6AI score0.00894EPSS
Exploits1References2
CVE
CVE
added 2018/05/02 7:0 p.m.50 views

CVE-2018-10680

CVE-2018-10680 concerns Z-BlogPHP 1.5.2, where a stored Cross Site Scripting vulnerability exists in the Site Title field accessed via the zb_system/cmd.php endpoint using the ZC_BLOG_NAME parameter. The vulnerability is described as exploitable to inject script via the Site Settings → Basic Sett...

6.1CVSS5.9AI score0.00894EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2018/05/02 12:0 a.m.4 views

PT-2018-10049 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.2 Description: The issue allows an administrator to inject a Cross Site Scripting XSS payload via the ZC BLOG NAME parameter in the "Web site settings -- Basic setting -- Website title" section, accessible through the zb...

6.1CVSS6.1AI score0.00894EPSS
Exploits1References3
OSV
OSV
added 2018/04/16 9:58 a.m.5 views

CVE-2018-9169

Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...

4.8CVSS5.7AI score0.00518EPSS
Exploits0References1
NVD
NVD
added 2018/04/16 9:58 a.m.24 views

CVE-2018-9169

Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...

4.8CVSS5AI score0.00518EPSS
Exploits0References1
NVD
NVD
added 2018/04/16 9:58 a.m.20 views

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

7.2CVSS8.2AI score0.01226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/04/16 9:58 a.m.5 views

CVE-2018-9169

Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...

4.8CVSS5.3AI score0.00518EPSS
Exploits0References2
Prion
Prion
added 2018/04/16 9:58 a.m.17 views

Cross site request forgery (csrf)

Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...

3.5CVSS4.8AI score0.00518EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/04/16 9:58 a.m.17 views

Cross site request forgery (csrf)

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

6.5CVSS8.2AI score0.01226EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/16 12:0 a.m.5 views

Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-08697)

Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sending the 'appid' parameter to the zbusers/plugin/AppCentre/pluginedit.php file to...

4.8CVSS6.3AI score0.00518EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/16 12:0 a.m.4 views

Z-BlogPHP Arbitrary PHP Code Execution Vulnerability

Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...

7.2CVSS7.7AI score0.01226EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/15 2:0 p.m.22 views

CVE-2018-9169

Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...

5AI score0.00518EPSS
Exploits0References1
Rows per page
Query Builder