Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project blog vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2022-4354
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. T...
Pb-cms Project Pb-cms 2.0
4.8
CVSSv3
CVE-2021-41731
Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field
News247 News Magazine \\(cms\\) Project News247 News Magazine \\(cms\\) 1.0
4.8
CVSSv3
CVE-2022-37679
Miniblog.Core v1.0 exists to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.
Miniblog.core Project Miniblog.core 1.0
4.3
CVSSv3
CVE-2022-2275
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have CSRF in an AJAX action, which could allow malicious users to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack
Wp Edit Menu Project Wp Edit Menu
4.3
CVSSv3
CVE-2022-2276
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated malicious users to delete arbitrary posts/pages from the blog
Wp Edit Menu Project Wp Edit Menu
9.8
CVSSv3
CVE-2022-36030
Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes availabl...
Project-nexus Project Project-nexus 1.0.1
6.1
CVSSv3
CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f exists to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
2 Github repositories
9.8
CVSSv3
CVE-2022-2740
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attac...
Company Website Cms Project Company Website Cms -
4.8
CVSSv3
CVE-2022-2425
The WP DS Blog Map WordPress plugin up to and including 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in m...
Wp Ds Blog Map Project Wp Ds Blog Map
4.3
CVSSv3
CVE-2022-2144
The Jquery Validation For Contact Form 7 WordPress plugin prior to 5.3 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack
Jquery Validation For Contact Form 7 Project Jquery Validation For Contact Form 7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »