2 matches found
ZrLog Cross-Site Scripting Vulnerability (CNVD-2023-54438)
ZrLog is a blogging system developed using the Java language. A cross-site scripting XSS vulnerability exists in ZrLog version 2.1.3. An attacker can exploit this vulnerability to execute arbitrary code via the nickname parameter of the /post/addComment function...
ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-43499)
ZrLog is a blogging system developed using the Java language. A security vulnerability exists in ZrLog 2.1.3, which can be exploited by remote attackers to inject arbitrary web scripts and stolen administrator cookies via the nickname parameter and gain access to the admin panel...