Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-19901
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
No-cms Project No-cms 1.1.3
NA
CVE-2022-37679
Miniblog.Core v1.0 exists to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field.
Miniblog.core Project Miniblog.core 1.0
383
VMScore
CVE-2020-25088
Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
383
VMScore
CVE-2017-14957
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText prior to 3.7.6 allows an unauthenticated malicious user to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to...
Blogotext Project Blogotext
NA
CVE-2021-35290
File Upload vulnerability in balerocms-src 0.8.3 allows remote malicious users to run arbitrary code via rich text editor on /admin/main/mod-blog page.
Balero Cms Project Balero Cms 0.8.3
578
VMScore
CVE-2021-24192
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then b...
Sitemap Project Sitemap
NA
CVE-2023-6021
LFI in Ray's log API endpoint allows malicious users to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cv...
Ray Project Ray -
2 Articles
383
VMScore
CVE-2021-24818
The WP Limits WordPress plugin up to and including 1.0 does not have CSRF check when saving its settings, allowing malicious user to make a logged in admin change them, which could make the blog unstable by setting low values
Wp Limits Project Wp Limits
383
VMScore
CVE-2018-7274
Yab Quarx up to and including 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
Quarx Cms Project Quarx Cms
NA
CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f exists to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.
Ecommerce-codeigniter-bootstrap Project Ecommerce-codeigniter-bootstrap
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »