14 matches found
CVE-2024-28713
CVE-2024-28713 affects Mblog Blog system v3.5.0. A vulnerability in the theme management feature allows an attacker to execute arbitrary code by supplying a crafted file. The issue is confirmed across multiple sources (Red Hat, CVE listings) and is rated as highly severe (CVSS v3.1: 9.8, Critical...
CVE-2024-13198
CVE-2024-13198 affects langhsu Mblog Blog System 3.5.0. The vulnerability is in an unknown function of the file /login , causing an observable response discrepancy. It can be exploited remotely, with attack complexity described as high. Exploit has been disclosed publicly. Vendor response to disc...
CVE-2024-13199
CVE-2024-13199 affects langhsu Mblog Blog System 3.5.0. The vulnerability resides in the /search endpoint of the Search Bar component, where manipulating the kw argument triggers a cross-site scripting (XSS) vulnerability. The issue can be exploited remotely, and public disclosure has occurred. M...
CVE-2025-8927
Summary (CVE-2025-8927) : A vulnerability exists in mtons mblog up to version 3.5.0 affecting the Verification Code Handler, specifically the file /email/send_code. Malicious manipulation of the email parameter can bypass restrictions on excessive authentication attempts. The issue can be exploit...
CVE-2025-8992
Summary: CVE-2025-8992 affects mtons mblog up to version 3.5.0, with a cross-site request forgery (CSRF) flaw arising in an unknown functionality. The vulnerability can be exploited remotely and exploit details have been publicly disclosed. Multiple connected sources corroborate this issue (Red H...
CVE-2025-9004
CVE-2025-9004 affects mtons mblog up to version 3.5.0 (and related advisories reference versions prior to 3.5.1). The issue stems from improper restriction of excessive authentication attempts when processing /settings/password, with potential remote initiation. Exploitation is described as diffi...
CVE-2025-9005
The vulnerability CVE-2025-9005 affects mtons mblog up to version 3.5.0, where an unknown function in the /register endpoint can trigger information exposure via an error message. It can be exploited remotely; attack complexity is high and exploitation is not trivial. Public disclosure exists, wi...
CVE-2025-9432
CVE-2025-9432 affects mtons mblog up to version 3.5.0, specifically the Admin Panel component in /admin/post/list where manipulating the Title argument enables cross-site scripting. The vulnerability can be triggered remotely and has been publicly disclosed. Exploitation details are not provided ...
CVE-2025-9407
CVE-2025-9407 affects mtons mblog up to version 3.5.0. The vulnerability lies in an unknown functionality of the file /settings/profile where manipulation of the signature parameter can trigger cross-site scripting. Exploitation is possible remotely. A fixed version is not present in the affected...
CVE-2025-9429
CVE-2025-9429 affects mtons mblog up to 3.5.0. The vulnerability is in the Post Handler’s file path /post/submit, where manipulation of the content/title argument leads to cross-site scripting (XSS). The issue can be triggered remotely and the exploit has been publicly disclosed. Affected version...
CVE-2025-9430
CVE-2025-9430 is reported for mtons mblog up to 3.5.0. The issue arises from improper handling of input in the file "/admin/options/update", allowing cross-site scripting. The CVE entry notes that the attack can be launched remotely and that the exploit is public. Connected sources consistently i...
CVE-2025-9433
CVE-2025-9433 affects mtons mblog up to version 3.5.0. The vulnerability is an XSS in the Admin Panel, specifically in the /admin/user/list function where manipulating the Name parameter can trigger cross-site scripting. Exploitation can be performed remotely, and public PoCs exist. Several conne...
CVE-2025-9431
The CVE-2025-9431 entry concerns mtons mblog up to version 3.5.0. The vulnerability affects the /search function, where manipulation of the kw argument enables cross-site scripting. The issue can be exploited remotely, and exploits have been published. Public sources in the connected documents (e...
CVE-2025-9647
CVE-2025-9647 affects mtons mblog up to version 3.5.0. Root cause: manipulation of the Name argument in the file /admin/role/list enables cross-site scripting. Impact includes potential user-visible script execution with network‑based access and no privileges required, with user interaction repor...