4 matches found
CVE-2008-2349
CVE-2008-2349 affects Zomplog,
CVE-2008-2176
CVE-2008-2176 describes a cross-site scripting (XSS) vulnerability in the Zomplog web app. The affected component is the admin/category.php script in Zomplog 3.8.2, where an attacker can supply input via the catname parameter to inject arbitrary web script or HTML. The available records confirm t...
CVE-2023-53888
CVE-2023-53888 affects Zomplog 3.9. An authenticated attacker can upload JavaScript files, rename them to PHP, and trigger arbitrary PHP code execution via the app’s file-manipulation endpoints (saveE and rename actions). The vulnerability originates from the authenticated file manipulation workf...
CVE-2023-53887
Zomplog 3.9 is affected by a cross-site scripting vulnerability that can be triggered during page creation by authenticated users. The issue arises from allowing crafted image src and onerror attributes to inject and execute arbitrary JavaScript in the victim’s browser. The impact is client-side ...