Lucene search

Forestblog Project Security Vulnerabilities

cve

CVE-2023-6887

A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack....

9.8CVSS

9.6AI Score

0.001EPSS

2023-12-17 01:15 AM

cve

CVE-2022-29020

ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user...

6.1CVSS

6AI Score

0.001EPSS

2022-04-16 12:15 AM

cve

CVE-2021-46034

A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input...

6.1CVSS

5.9AI Score

0.001EPSS

2022-01-25 04:15 PM

cve

CVE-2021-46033

In ForestBlog, as of 2021-12-28, File upload can bypass...

9.8CVSS

9.4AI Score

0.002EPSS

2022-01-25 03:15 PM

cve

CVE-2020-18964

Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain...

8.8CVSS

8.8AI Score

0.001EPSS

2021-05-11 07:15 PM