Lucene search
K
Mblog ProjectMblog

6 matches found

CVE
CVE
added 2021/04/01 7:1 p.m.69 views

CVE-2020-19618

CVE-2020-19618 affects mblog 3.5, with an XSS in the post editing flow exposed via the post content field on /post/editing. The connected documents confirm the vulnerable component and entry point, but do not provide concrete patch/version details or remediation steps. Exploitation status is not ...

5.4CVSS5.2AI score0.00637EPSS
Web
CVE
CVE
added 2021/04/01 6:59 p.m.65 views

CVE-2020-19617

CVE-2020-19617 affects mblog 3.5. The issue is a Cross-Site Scripting (XSS) vulnerability exploitable via the nickname field in /settings/profile. The root cause is not explicitly detailed beyond the XSS description in the provided sources. Potential impact is XSS that could inject arbitrary scri...

5.4CVSS5.2AI score0.00603EPSS
Web
CVE
CVE
added 2021/04/01 7:3 p.m.62 views

CVE-2020-19619

CVE-2020-19619 is a Cross‑Site Scripting (XSS) vulnerability affecting mblog 3.5, exploitable via the signature field on the /settings/profile page. The vulnerability is described across multiple sources as allowing injection of arbitrary web scripts/HTML through that field, with the issue locate...

5.4CVSS5.2AI score0.00637EPSS
Web
CVE
CVE
added 2021/04/01 6:56 p.m.61 views

CVE-2020-19616

CVE-2020-19616 concerns a Cross-Site Scripting (XSS) vulnerability in the open-source Java blog system mblog, reported for version 3.5.0. The flaw is triggered via the post header field when editing a post, specifically through the /post/editing endpoint. The connected sources corroborate the iss...

5.4CVSS5.2AI score0.00603EPSS
Web
CVE
CVE
added 2022/01/19 11:7 p.m.60 views

CVE-2021-46028

In mblog

4.3CVSS4.6AI score0.00355EPSS
CVE
CVE
added 2023/05/08 12:0 a.m.51 views

CVE-2021-27280

The CVE-2021-27280 vulnerability affects mblog version 3.5.0 and is described as an OS command injection vulnerability that allows an attacker to execute arbitrary code through a crafted theme selected in the UI. The root cause is tied to what the sources label as a command injection weakness in ...

7.8CVSS7.9AI score0.00973EPSS