Vulnerabilities (CVE)

Filtered by vendor Javaweb Blog Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40037 1 Javaweb Blog Project 1 Javaweb Blog 2024-11-21 N/A 9.8 CRITICAL
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
CVE-2022-40034 1 Javaweb Blog Project 1 Javaweb Blog 2024-11-21 N/A 5.4 MEDIUM
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.