6 matches found
CVE-2020-19618
CVE-2020-19618 affects mblog 3.5, with an XSS in the post editing flow exposed via the post content field on /post/editing. The connected documents confirm the vulnerable component and entry point, but do not provide concrete patch/version details or remediation steps. Exploitation status is not ...
CVE-2020-19617
CVE-2020-19617 affects mblog 3.5. The issue is a Cross-Site Scripting (XSS) vulnerability exploitable via the nickname field in /settings/profile. The root cause is not explicitly detailed beyond the XSS description in the provided sources. Potential impact is XSS that could inject arbitrary scri...
CVE-2020-19619
CVE-2020-19619 is a Cross‑Site Scripting (XSS) vulnerability affecting mblog 3.5, exploitable via the signature field on the /settings/profile page. The vulnerability is described across multiple sources as allowing injection of arbitrary web scripts/HTML through that field, with the issue locate...
CVE-2020-19616
CVE-2020-19616 concerns a Cross-Site Scripting (XSS) vulnerability in the open-source Java blog system mblog, reported for version 3.5.0. The flaw is triggered via the post header field when editing a post, specifically through the /post/editing endpoint. The connected sources corroborate the iss...
CVE-2021-46028
In mblog
CVE-2021-27280
The CVE-2021-27280 vulnerability affects mblog version 3.5.0 and is described as an OS command injection vulnerability that allows an attacker to execute arbitrary code through a crafted theme selected in the UI. The root cause is tied to what the sources label as a command injection weakness in ...