Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-blog vulnerabilities and exploits
(subscribe to this query)
9
CVSSv3
CVE-2022-37721
PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation.
Pyrocms Pyrocms 3.9
4.3
CVSSv3
CVE-2022-27174
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and previous versions allows a remote unauthenticated malicious user to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.
Easy Blog Project Easy Blog
NA
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
NA
CVE-2006-2564
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote malicious users to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
Alstrasoft E-friends 4.0
5.3
CVSSv3
CVE-2022-43504
Improper authentication vulnerability in WordPress versions before 6.0.3 allows a remote unauthenticated malicious user to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all ve...
Wordpress Wordpress
NA
CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote malicious users to obtain sensitive information by reading this feed.
Moodle Moodle 2.1.0
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.1.6
Moodle Moodle 2.1.7
Moodle Moodle 2.1.1
Moodle Moodle 2.1.8
Moodle Moodle 2.1.2
Moodle Moodle 2.1.3
Moodle Moodle 2.1.9
Moodle Moodle 2.2.5
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.6
Moodle Moodle 2.3.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
Moodle Moodle 2.3.2
Moodle Moodle 2.4.0
NA
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 does not properly check the publication state of blog files, which allows remote malicious users to obtain sensitive information by reading a blog entry that references a non-public fil...
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.5
Moodle Moodle 2.1.7
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.2.3
Moodle Moodle 2.3.1
Moodle Moodle 2.3.0
NA
CVE-2009-4907
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote malicious users to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5...
Dootzky Oblog
1 EDB exploit
NA
CVE-2006-4829
Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote malicious users to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-n...
Blojsom Blojsom 2.31
1 EDB exploit
9
CVSSv3
CVE-2022-37720
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the maliciou...
Orchardcore Orchard Cms 1.10.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »