Vulnerabilities (CVE)

Filtered by vendor Mblog Project Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-46028 1 Mblog Project 1 Mblog 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
CVE-2021-27280 1 Mblog Project 1 Mblog 2024-11-21 N/A 7.8 HIGH
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVE-2020-19619 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616 1 Mblog Project 1 Mblog 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.