Lucene search

Oneblog Security Vulnerabilities - November

cve

CVE-2022-34011

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.

4.3CVSS

4.7AI Score

0.001EPSS

2022-06-23 05:15 PM

cve

CVE-2022-34012

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.

6.5CVSS

6.4AI Score

0.001EPSS

2022-06-23 05:15 PM

cve

CVE-2022-34013

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.

4.3CVSS

4.7AI Score

0.001EPSS

2022-06-23 05:15 PM

cve

CVE-2024-29471

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.

5.4CVSS

5.9AI Score

0.0004EPSS

2024-03-20 09:15 PM

cve

CVE-2024-29472

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.

5.4CVSS

6AI Score

0.0004EPSS

2024-03-20 09:15 PM