Oneblog Security Vulnerabilities and Issues — Oneblog CVE List

Lucene search

ZhydOneblog

12 matches found

CVE•added 2025/02/10 6:15 p.m.•57 views

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.

8CVSS7.3AI score0.00125EPSS

CVE•added 2024/03/20 9:15 p.m.•56 views

CVE-2024-29471

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.

5.4CVSS5.9AI score0.00067EPSS

CVE•added 2025/03/27 4:15 a.m.•55 views

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remo...

5.3CVSS6.9AI score0.00039EPSS

CVE•added 2022/06/23 5:15 p.m.•54 views

CVE-2022-34012

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.

6.5CVSS6.4AI score0.00109EPSS

CVE•added 2022/06/23 5:15 p.m.•53 views

CVE-2022-34011

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.

4.3CVSS4.7AI score0.00124EPSS

CVE•added 2022/06/23 5:15 p.m.•52 views

CVE-2022-34013

OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.

4.3CVSS4.7AI score0.00124EPSS

CVE•added 2024/03/20 9:15 p.m.•52 views

CVE-2024-29472

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.

5.4CVSS6AI score0.00067EPSS

CVE•added 2025/03/27 4:15 a.m.•52 views

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the ...

6.9CVSS6.9AI score0.00141EPSS

CVE•added 2024/03/20 9:15 p.m.•48 views

CVE-2024-29473

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.

6.1CVSS5.9AI score0.00298EPSS

CVE•added 2024/03/20 9:15 p.m.•45 views

CVE-2024-29469

A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.

6.1CVSS5.6AI score0.00348EPSS

CVE•added 2024/03/20 9:15 p.m.•45 views

CVE-2024-29474

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.

5.4CVSS5.9AI score0.00553EPSS

CVE•added 2024/03/20 9:15 p.m.•43 views

CVE-2024-29470

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.

6.1CVSS5.9AI score0.00348EPSS