CVE-2018-9169
CVE-2018-9169 affects Z-BlogPHP 1.5.1 with a Cross-Site Scripting (XSS) vulnerability via the app_id parameter in zb_users/plugin/AppCentre/plugin_edit.php. The component must be accessed directly by an administrator or via CSRF. Root cause: improper handling of the app_id input enabling script i...