Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-blog a-blog vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-14631
moodle prior to 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if ...
Moodle Moodle
NA
CVE-2024-31396
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arb...
5
CVSSv2
CVE-2007-0541
WordPress allows remote malicious users to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existin...
Wordpress Wordpress
7.5
CVSSv2
CVE-2006-3096
Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information i...
Ipostmx Ipostmx 2005
6.8
CVSSv2
CVE-2006-6925
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submi...
Bitweaver Bitweaver 1.1
Bitweaver Bitweaver 1.1.1 Beta
Bitweaver Bitweaver 1.3.1
Bitweaver Bitweaver 1.2.1
Bitweaver Bitweaver 1.3
1 EDB exploit
3.5
CVSSv2
CVE-2004-1865
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other me...
Bblog Bblog 0.7.2
NA
CVE-2024-25610
In Liferay Portal 7.2.0 up to and including 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which al...
NA
CVE-2024-30420
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the produc...
NA
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and previous versions, Ver.3.0.x series Ver.3.0.30 and previous versions, Ver.2.11.x series Ver.2.11.59 and previous versions, Ver.2.10.x series Ver.2.10.51 and previous versions, and Ver.2.9 and pr...
6.8
CVSSv2
CVE-2006-3183
Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multi...
Mobescripts Mobile Space Community 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »