Medium severity6.1NVD Advisory· Published May 2, 2018· Updated Jun 17, 2026
CVE-2018-10680
CVE-2018-10680
Description
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- github.com/zblogcn/zblogphp/issues/185nvdExploitThird Party Advisory
- github.com/zblogcn/zblogphp/issues/205nvdThird Party Advisory
News mentions
0No linked articles in our index yet.