Mblog Security Vulnerabilities and Issues — Mblog CVE List

Lucene search

Mblog ProjectMblog

7 matches found

CVE•added 2021/04/01 8:15 p.m.•59 views

CVE-2020-19618

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.

5.4CVSS5.2AI score0.00185EPSS

CVE•added 2021/04/01 7:15 p.m.•55 views

CVE-2020-19617

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.

5.4CVSS5.2AI score0.00185EPSS

CVE•added 2021/04/01 8:15 p.m.•53 views

CVE-2020-19619

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2021/04/01 7:15 p.m.•50 views

CVE-2020-19616

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2022/01/20 12:15 a.m.•47 views

CVE-2021-46028

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.

4.3CVSS4.6AI score0.00098EPSS

CVE•added 2024/03/28 7:15 p.m.•45 views

CVE-2024-28713

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.

9.8CVSS7.7AI score0.00386EPSS

CVE•added 2023/05/08 2:15 p.m.•39 views

CVE-2021-27280

OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.

7.8CVSS7.9AI score0.00027EPSS