Lucene search

Mblog Security Vulnerabilities

cve

CVE-2020-19616

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.

5.4CVSS

5.2AI Score

0.001EPSS

2021-04-01 07:15 PM

cve

CVE-2020-19617

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.

5.4CVSS

5.2AI Score

0.001EPSS

2021-04-01 07:15 PM

cve

CVE-2020-19618

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.

5.4CVSS

5.2AI Score

0.001EPSS

2021-04-01 08:15 PM

cve

CVE-2020-19619

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.

5.4CVSS

5.2AI Score

0.001EPSS

2021-04-01 08:15 PM

cve

CVE-2021-27280

OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.

7.8CVSS

7.9AI Score

0.001EPSS

2023-05-08 02:15 PM

cve

CVE-2021-46028

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.

4.3CVSS

4.6AI Score

0.001EPSS

2022-01-20 12:15 AM