Lucene search
K
MtonsMblog

14 matches found

CVE
CVE
added 2024/03/28 12:0 a.m.60 views

CVE-2024-28713

CVE-2024-28713 affects Mblog Blog system v3.5.0. A vulnerability in the theme management feature allows an attacker to execute arbitrary code by supplying a crafted file. The issue is confirmed across multiple sources (Red Hat, CVE listings) and is rated as highly severe (CVSS v3.1: 9.8, Critical...

9.8CVSS7.7AI score0.01536EPSS
CVE
CVE
added 2025/01/09 12:31 a.m.46 views

CVE-2024-13198

CVE-2024-13198 affects langhsu Mblog Blog System 3.5.0. The vulnerability is in an unknown function of the file /login , causing an observable response discrepancy. It can be exploited remotely, with attack complexity described as high. Exploit has been disclosed publicly. Vendor response to disc...

6.3CVSS4.2AI score0.00668EPSS
CVE
CVE
added 2025/01/09 12:31 a.m.46 views

CVE-2024-13199

CVE-2024-13199 affects langhsu Mblog Blog System 3.5.0. The vulnerability resides in the /search endpoint of the Search Bar component, where manipulating the kw argument triggers a cross-site scripting (XSS) vulnerability. The issue can be exploited remotely, and public disclosure has occurred. M...

6.1CVSS3.7AI score0.0044EPSS
CVE
CVE
added 2025/08/13 8:2 p.m.26 views

CVE-2025-8927

Summary (CVE-2025-8927) : A vulnerability exists in mtons mblog up to version 3.5.0 affecting the Verification Code Handler, specifically the file /email/send_code. Malicious manipulation of the email parameter can bypass restrictions on excessive authentication attempts. The issue can be exploit...

6.3CVSS7.5AI score0.00636EPSS
Web
CVE
CVE
added 2025/08/15 1:5 a.m.26 views

CVE-2025-8992

Summary: CVE-2025-8992 affects mtons mblog up to version 3.5.0, with a cross-site request forgery (CSRF) flaw arising in an unknown functionality. The vulnerability can be exploited remotely and exploit details have been publicly disclosed. Multiple connected sources corroborate this issue (Red H...

6.5CVSS7AI score0.00249EPSS
CVE
CVE
added 2025/08/15 2:32 a.m.23 views

CVE-2025-9004

CVE-2025-9004 affects mtons mblog up to version 3.5.0 (and related advisories reference versions prior to 3.5.1). The issue stems from improper restriction of excessive authentication attempts when processing /settings/password, with potential remote initiation. Exploitation is described as diffi...

9.1CVSS7.4AI score0.00895EPSS
CVE
CVE
added 2025/08/15 3:2 a.m.22 views

CVE-2025-9005

The vulnerability CVE-2025-9005 affects mtons mblog up to version 3.5.0, where an unknown function in the /register endpoint can trigger information exposure via an error message. It can be exploited remotely; attack complexity is high and exploitation is not trivial. Public disclosure exists, wi...

6.3CVSS6.8AI score0.00547EPSS
CVE
CVE
added 2025/08/26 12:32 a.m.22 views

CVE-2025-9432

CVE-2025-9432 affects mtons mblog up to version 3.5.0, specifically the Admin Panel component in /admin/post/list where manipulating the Title argument enables cross-site scripting. The vulnerability can be triggered remotely and has been publicly disclosed. Exploitation details are not provided ...

6.1CVSS6.4AI score0.00334EPSS
Web
CVE
CVE
added 2025/08/25 10:32 a.m.20 views

CVE-2025-9407

CVE-2025-9407 affects mtons mblog up to version 3.5.0. The vulnerability lies in an unknown functionality of the file /settings/profile where manipulation of the signature parameter can trigger cross-site scripting. Exploitation is possible remotely. A fixed version is not present in the affected...

5.4CVSS3.7AI score0.00225EPSS
Web
CVE
CVE
added 2025/08/25 11:32 p.m.19 views

CVE-2025-9429

CVE-2025-9429 affects mtons mblog up to 3.5.0. The vulnerability is in the Post Handler’s file path /post/submit, where manipulation of the content/title argument leads to cross-site scripting (XSS). The issue can be triggered remotely and the exploit has been publicly disclosed. Affected version...

5.4CVSS4AI score0.00234EPSS
Web
CVE
CVE
added 2025/08/26 12:2 a.m.19 views

CVE-2025-9430

CVE-2025-9430 is reported for mtons mblog up to 3.5.0. The issue arises from improper handling of input in the file "/admin/options/update", allowing cross-site scripting. The CVE entry notes that the attack can be launched remotely and that the exploit is public. Connected sources consistently i...

4.8CVSS3.6AI score0.00249EPSS
CVE
CVE
added 2025/08/26 1:2 a.m.19 views

CVE-2025-9433

CVE-2025-9433 affects mtons mblog up to version 3.5.0. The vulnerability is an XSS in the Admin Panel, specifically in the /admin/user/list function where manipulating the Name parameter can trigger cross-site scripting. Exploitation can be performed remotely, and public PoCs exist. Several conne...

6.1CVSS6.4AI score0.0038EPSS
Web
CVE
CVE
added 2025/08/26 12:2 a.m.18 views

CVE-2025-9431

The CVE-2025-9431 entry concerns mtons mblog up to version 3.5.0. The vulnerability affects the /search function, where manipulation of the kw argument enables cross-site scripting. The issue can be exploited remotely, and exploits have been published. Public sources in the connected documents (e...

6.1CVSS4.4AI score0.00334EPSS
CVE
CVE
added 2025/08/29 1:2 p.m.13 views

CVE-2025-9647

CVE-2025-9647 affects mtons mblog up to version 3.5.0. Root cause: manipulation of the Name argument in the file /admin/role/list enables cross-site scripting. Impact includes potential user-visible script execution with network‑based access and no privileges required, with user interaction repor...

6.1CVSS5.3AI score0.00331EPSS
Web