Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web blog vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-4749
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
Blogcms Blog\\ Cms
1 EDB exploit
NA
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote malicious users to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obta...
Scriptsez Ez Blog
2 EDB exploits
6.1
CVSSv3
CVE-2016-7840
Cross-site scripting vulnerability in WEB SCHEDULE allows remote malicious users to inject arbitrary web script or HTML via the month parameter.
Olive Design Olive Blog -
5.4
CVSSv3
CVE-2023-5291
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for au...
Awplife Blog Filter
5.4
CVSSv3
CVE-2023-5295
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authe...
Awplife Blog Filter
6.1
CVSSv3
CVE-2016-7839
Cross-site scripting vulnerability in Olive Blog allows remote malicious users to inject arbitrary web script or HTML via the search parameter.
Olive Design Olive Blog -
NA
CVE-2006-0562
Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote malicious users to inject arbitrary web script or HTML via the data parameter.
Pluggedout Pluggedout Blog 1.9.9c
9.8
CVSSv3
CVE-2022-25420
NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows malicious users to execute arbitrary code via a crafted HTTP request.
Nttr Goo Blog 1.0
1 Github repository
NA
CVE-2006-2522
Dayfox Blog 2.0 and previous versions stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote malicious users to gain privileges.
Dayfox Designs Dayfox Blog
NA
CVE-2007-3083
Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for zblog.mdb.
Rainbowsoft Z-blog 1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »