OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.
4.3CVSS
4.7AI Score
0.001EPSS
Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.
6.5CVSS
6.4AI Score
0.001EPSS
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.
4.3CVSS
4.7AI Score
0.001EPSS
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
5.4CVSS
5.9AI Score
0.0004EPSS
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.
5.4CVSS
6AI Score
0.0004EPSS