Oneblog Security Vulnerabilities and Issues — Oneblog CVE List

Lucene search

ZhydOneblog

5 matches found

CVE•added 2022/06/23 5:15 p.m.•54 views

CVE-2022-34012

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.

6.5CVSS6.4AI score0.00109EPSS

CVE•added 2025/03/27 4:15 a.m.•52 views

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the ...

6.9CVSS6.9AI score0.00141EPSS

CVE•added 2024/03/20 9:15 p.m.•48 views

CVE-2024-29473

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.

6.1CVSS5.9AI score0.00298EPSS

CVE•added 2024/03/20 9:15 p.m.•45 views

CVE-2024-29469

A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.

6.1CVSS5.6AI score0.00348EPSS

CVE•added 2024/03/20 9:15 p.m.•43 views

CVE-2024-29470

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.

6.1CVSS5.9AI score0.00348EPSS