Z-blogphp Security Vulnerabilities and Issues — Z-blogphp CVE List

Lucene search

ZblogcnZ-blogphp

5 matches found

CVE•added 2024/07/08 4:15 p.m.•52 views

CVE-2024-39203

A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1CVSS5.6AI score0.00485EPSS

CVE•added 2018/03/06 9:29 p.m.•49 views

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability

6.1CVSS5.9AI score0.02794EPSS

CVE•added 2021/06/07 7:15 p.m.•41 views

CVE-2020-18268

Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php."

6.1CVSS6AI score0.06993EPSS

CVE•added 2018/05/02 7:29 p.m.•37 views

CVE-2018-10680

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance...

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2018/02/06 2:29 p.m.•30 views

CVE-2018-6656

Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories.

6.5CVSS6.5AI score0.00098EPSS