Z-blogphp Security Vulnerabilities and Issues — Z-blogphp CVE List

Lucene search

ZblogcnZ-blogphp

3 matches found

CVE•added 2018/05/16 3:29 p.m.•38 views

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type o...

4.8CVSS4.9AI score0.00258EPSS

CVE•added 2018/04/16 9:58 a.m.•36 views

CVE-2018-9169

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF.

4.8CVSS4.9AI score0.00207EPSS

CVE•added 2018/11/26 7:29 a.m.•35 views

CVE-2018-19556

zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability

4.3CVSS4.6AI score0.0025EPSS