Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
5.4CVSS
5.2AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
5.4CVSS
5.2AI Score
0.001EPSS
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
7.8CVSS
7.9AI Score
0.001EPSS
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
4.3CVSS
4.6AI Score
0.001EPSS