Vulmon
blog cms vulnerabilities and exploits
NA
CVE-2021-41731
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field
News247 News Magazine (cms) Project News247 News Magazine (cms) 1.0
NA
CVE-2023-5919
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack m...
Company Website Cms Project Company Website Cms 1.0
6.8
CVSSv2
CVE-2017-6002
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
Intelliants Subrion Cms 4.0.5.10
7.5
CVSSv2
CVE-2019-11618
doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=...
Doorgets Doorgets Cms 7.0
6.8
CVSSv2
CVE-2017-18366
Subrion CMS 4.1.5 has CSRF in blog/delete/.
Intelliants Subrion Cms 4.1.5
4.3
CVSSv2
CVE-2021-40106
An issue exists in Concrete CMS up to and including 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
Concretecms Concrete Cms
NA
CVE-2022-37720
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low-privileged user such as an author or publisher can inject a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the maliciou...
Orchardcore Orchard Cms 1.10.3
3.5
CVSSv2
CVE-2019-16661
Ogma CMS 0.5 has XSS via creation of a new blog.
Digimute Ogma Cms 0.5
6.8
CVSSv2
CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote malicious users to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an ...
Pluck-cms Pluck 4.7
7.5
CVSSv2
CVE-2016-7781
SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the author parameter.
Exponentcms Exponent Cms