Zhyd

Oneblog

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-56264

Exploit
  • EPSS 0.05%
  • Veröffentlicht 16.09.2025 00:00:00
  • Zuletzt bearbeitet 23.09.2025 16:44:37

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.

5.3

CVE-2025-2835

Exploit
  • EPSS 0.05%
  • Veröffentlicht 27.03.2025 04:00:07
  • Zuletzt bearbeitet 01.04.2025 15:43:38

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side...

6.9

CVE-2025-2833

Exploit
  • EPSS 0.18%
  • Veröffentlicht 27.03.2025 04:00:05
  • Zuletzt bearbeitet 01.04.2025 15:43:23

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular exp...

8

CVE-2024-54954

Exploit
  • EPSS 0.22%
  • Veröffentlicht 10.02.2025 18:15:29
  • Zuletzt bearbeitet 28.03.2025 16:49:01

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.

6.1

CVE-2024-29469

Exploit
  • EPSS 0.47%
  • Veröffentlicht 20.03.2024 21:15:32
  • Zuletzt bearbeitet 28.03.2025 16:45:49

A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.

6.1

CVE-2024-29470

Exploit
  • EPSS 0.47%
  • Veröffentlicht 20.03.2024 21:15:32
  • Zuletzt bearbeitet 28.03.2025 16:48:37

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.

5.4

CVE-2024-29471

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.03.2024 21:15:32
  • Zuletzt bearbeitet 21.11.2024 09:08:03

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.

5.4

CVE-2024-29472

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.03.2024 21:15:32
  • Zuletzt bearbeitet 13.03.2025 18:15:39

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.

6.1

CVE-2024-29473

Exploit
  • EPSS 0.41%
  • Veröffentlicht 20.03.2024 21:15:32
  • Zuletzt bearbeitet 01.04.2025 16:57:59

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.

5.4

CVE-2024-29474

Exploit
  • EPSS 0.75%
  • Veröffentlicht 20.03.2024 21:15:32
  • Zuletzt bearbeitet 28.03.2025 16:48:47

OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.