CVE-2018-11208
An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...
Cross site scripting
DISPUTED Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings -- Basic setting -- Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance...
CVE-2018-10680
CVE-2018-10680 concerns Z-BlogPHP 1.5.2, where a stored Cross Site Scripting vulnerability exists in the Site Title field accessed via the zb_system/cmd.php endpoint using the ZC_BLOG_NAME parameter. The vulnerability is described as exploitable to inject script via the Site Settings → Basic Sett...