Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web blog vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-3888
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry...
Insanely Simple Blog Insanely Simple Blog
1 EDB exploit
4.3
CVSSv2
CVE-2010-2437
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
Anecms Anecms Blog 1.0
Anecms Anecms Blog
1 EDB exploit
NA
CVE-2023-29639
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows malicious users to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.
Zhenfeng13 My-blog Project Zhenfeng13 My-blog -
NA
CVE-2023-29636
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows malicious users to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString.
Zhenfeng13 My-blog Project Zhenfeng13 My-blog -
4.3
CVSSv2
CVE-2006-0361
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote malicious users to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
Bit 5 Blog Bit 5 Blog 8.01
1 EDB exploit
4.3
CVSSv2
CVE-2009-3719
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Davethewebguy Battle Blog 1.25
Davethewebguy Battle Blog 1.30
1 EDB exploit
5
CVSSv2
CVE-2005-0853
betaparticle blog (bp blog) stores the database under the web root, which allows remote malicious users to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions prior to 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that...
Betaparticle Betaparticle Blog 2.0
Betaparticle Betaparticle Blog 3.0
1 EDB exploit
4.3
CVSSv2
CVE-2005-1945
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog prior to 1.1.2 Final allows remote malicious users to inject arbitrary web script or HTML via double hex encoded highlight data.
Invision Power Services Invision Community Blog 1.1
Invision Power Services Invision Community Blog 1.0
4.3
CVSSv2
CVE-2007-3198
Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions prior to 20070610, allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Maran Php Blog
1 EDB exploit
4.3
CVSSv2
CVE-2007-1433
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
Grayscale Grayscale Blog
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »