Z-blogphp Security Vulnerabilities and Issues — Z-blogphp CVE List

Lucene search

ZblogcnZ-blogphp

3 matches found

CVE•added 2018/05/16 3:29 p.m.•43 views

CVE-2018-11209

An issue was discovered in Z-BlogPHP 2.0.0. zb_system/cmd.php?act=verify relies on MD5 for the password parameter, which might make it easier for attackers to bypass intended access restrictions via a dictionary or rainbow-table attack. NOTE: the vendor declined to accept this as a valid issue

7.2CVSS7AI score0.0009EPSS

CVE•added 2018/05/16 3:29 p.m.•38 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type o...

4.8CVSS4.9AI score0.00258EPSS

CVE•added 2018/05/02 7:29 p.m.•37 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance...

6.1CVSS5.9AI score0.0024EPSS