Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.
8.8CVSS
8.8AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.003EPSS
A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box.
6.1CVSS
5.9AI Score
0.001EPSS
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
6.1CVSS
6AI Score
0.001EPSS
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack ...
9.8CVSS
9.6AI Score
0.001EPSS