21 matches found
EUVD-2020-10912
Malware in sbrugna...
EUVD-2025-19617
Malicious code in bioql PyPI...
EUVD-2024-53699
Malicious code in bioql PyPI...
EUVD-2021-30951
Malicious code in bioql PyPI...
EUVD-2021-30952
Malicious code in bioql PyPI...
CVE-2025-45872
zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery SSRF via the downloadUrl parameter...
CVE-2025-45872
zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery SSRF via the downloadUrl parameter...
CVE-2021-44093
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...
CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function...
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...
CVE-2020-18066
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the 1 userName and 2 email parameters in post/addComment...
CVE-2018-17079
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area...
CVE-2024-57669
Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file...
CVE-2024-57669
Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file...
CVE-2024-57669
Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file...
ZrLog Cross-Site Scripting Vulnerability (CNVD-2023-54438)
ZrLog is a blogging system developed using the Java language. A cross-site scripting XSS vulnerability exists in ZrLog version 2.1.3. An attacker can exploit this vulnerability to execute arbitrary code via the nickname parameter of the /post/addComment function...
CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function...
ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-46876)
ZrLog is a blog/CMS program developed in Java that is minimalist, easy to use, componentized, and has a low memory footprint. A cross-site scripting vulnerability exists in ZrLog version 2.1.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the userName and email...
ZrLog Cross-Site Scripting Vulnerability (CNVD-2021-43499)
ZrLog is a blogging system developed using the Java language. A security vulnerability exists in ZrLog 2.1.3, which can be exploited by remote attackers to inject arbitrary web scripts and stolen administrator cookies via the nickname parameter and gain access to the admin panel...
Stored Cross-Site Scripting Vulnerability in ZrLog
ZrLog is a blogging program developed using Java. A stored cross-site scripting vulnerability exists in ZrLog. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...