Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zrlog vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-16643
An issue exists in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
Zrlog Zrlog 2.0.1
9.1
CVSSv3
CVE-2020-27514
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote malicious users to delete arbitrary files and cause a denial of service (DoS).
Zrlog Zrlog 2.1.5
6.1
CVSSv3
CVE-2018-17079
An issue exists in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
Zrlog Zrlog 2.0.1
9.8
CVSSv3
CVE-2021-44093
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
Zrlog Zrlog 2.2.2
7.8
CVSSv3
CVE-2021-44094
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
Zrlog Zrlog 2.2.2
5.7
CVSSv3
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
Zrlog Zrlog 2.1.0
6.1
CVSSv3
CVE-2020-18066
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
Zrlog Zrlog 2.1.0
7.2
CVSSv3
CVE-2018-17420
An issue exists in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
Zrlog Zrlog 2.0.3
6.1
CVSSv3
CVE-2018-17421
An issue exists in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
Zrlog Zrlog 2.0.3
6.1
CVSSv3
CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote malicious user to execute arbitrary code via the nickame parameter of the /post/addComment function.
Zrlog Zrlog 2.1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »