Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog cms vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2014-8708
Pluck CMS 4.7.2 allows remote malicious users to execute arbitrary code via the blog form feature.
Pluck-cms Pluck 4.7.2
668
VMScore
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
Kentico Kentico Cms 5.5
312
VMScore
CVE-2020-22392
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
Intelliants Subrion Cms 4.2.2
383
VMScore
CVE-2018-7197
An issue exists in Pluck up to and including 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
Pluck-cms Pluck
1 Github repository
605
VMScore
CVE-2017-6069
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.
Intelliants Subrion Cms 4.0.5
312
VMScore
CVE-2022-33113
Jfinal CMS v5.1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module.
Jflyfox Jfinal Cms 5.1.0
NA
CVE-2022-36527
Jfinal CMS v5.1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.
Jflyfox Jfinal Cms 5.1.0
505
VMScore
CVE-2017-18195
An issue exists in tools/conversations/view_ajax.php in Concrete5 prior to 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/view_ajax with incremental 'cnvID' integers.
Concretecms Concrete Cms
1 EDB exploit
685
VMScore
CVE-2008-6842
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
Pluck-cms Pluck 4.6.1
1 EDB exploit
312
VMScore
CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
Umbraco Umbraco Cms 7.12.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »