Vulmon
blog project vulnerabilities and exploits
3.5
CVSSv2
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
No-cms Project No-cms 1.1.3
NA
CVE-2022-37679
Miniblog.Core v1.0 contains a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.
Miniblog.core Project Miniblog.core 1.0
4.3
CVSSv2
CVE-2020-25088
Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
4.3
CVSSv2
CVE-2017-14957
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText prior to 3.7.6 allows an unauthenticated malicious user to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to...
Blogotext Project Blogotext
NA
CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote malicious users to run arbitrary code via rich text editor on /admin/main/mod-blog page.
Balero Cms Project Balero Cms 0.8.3
6.5
CVSSv2
CVE-2021-24192
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then b...
Sitemap Project Sitemap
NA
CVE-2023-6021
LFI in Ray's log API endpoint allows malicious users to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cv...
Ray Project Ray -
2 Articles
4.3
CVSSv2
CVE-2021-24818
The WP Limits WordPress plugin up to and including 1.0 does not have a CSRF check when saving its settings, allowing a malicious user to make a logged-in admin change them, which could make the blog unstable by setting low values.
Wp Limits Project Wp Limits
4.3
CVSSv2
CVE-2018-7274
Yab Quarx up to and including 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
Quarx Cms Project Quarx Cms
NA
CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f contains a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
2 Github repositories