CVE-2024-28713
- EPSS 0.96%
- Published 28.03.2024 19:15:48
- Last modified 23.09.2025 00:55:52
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.
CVE-2021-27280
- EPSS 0.04%
- Published 08.05.2023 14:15:10
- Last modified 29.01.2025 17:15:13
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVE-2021-46028
- EPSS 0.1%
- Published 20.01.2022 00:15:08
- Last modified 21.11.2024 06:33:30
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
CVE-2020-19618
- EPSS 0.19%
- Published 01.04.2021 20:15:11
- Last modified 21.11.2024 05:09:16
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19619
- EPSS 0.19%
- Published 01.04.2021 20:15:11
- Last modified 21.11.2024 05:09:16
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19616
- EPSS 0.21%
- Published 01.04.2021 19:15:13
- Last modified 21.11.2024 05:09:16
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19617
- EPSS 0.19%
- Published 01.04.2021 19:15:13
- Last modified 21.11.2024 05:09:16
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.