Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project blog vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4397
A vulnerability was found in morontt zend-blog-number-2. It has been classified as problematic. Affected is an unknown function of the file application/forms/Comment.php of the component Comment Handler. The manipulation leads to cross-site request forgery. It is possible to laun...
Zend-blog-2 Project Zend-blog-2 -
NA
CVE-2022-4354
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. T...
Pb-cms Project Pb-cms 2.0
NA
CVE-2021-41731
Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field
News247 News Magazine \\(cms\\) Project News247 News Magazine \\(cms\\) 1.0
NA
CVE-2022-37679
Miniblog.Core v1.0 exists to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.
Miniblog.core Project Miniblog.core 1.0
NA
CVE-2022-2275
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have CSRF in an AJAX action, which could allow malicious users to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack
Wp Edit Menu Project Wp Edit Menu
NA
CVE-2022-2276
The WP Edit Menu WordPress plugin prior to 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated malicious users to delete arbitrary posts/pages from the blog
Wp Edit Menu Project Wp Edit Menu
NA
CVE-2022-36030
Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes availabl...
Project-nexus Project Project-nexus 1.0.1
NA
CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f exists to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
2 Github repositories
NA
CVE-2022-2740
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attac...
Company Website Cms Project Company Website Cms -
NA
CVE-2022-2425
The WP DS Blog Map WordPress plugin up to and including 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in m...
Wp Ds Blog Map Project Wp Ds Blog Map
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »