Filtered by vendor Zblogcn
Subscribe
Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11208 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege | |||||
| CVE-2018-10680 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug. | |||||