Vulnerabilities (CVE)

Filtered by vendor Zblogcn Subscribe
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10680 1 Zblogcn 1 Z-blogphp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug.