VYPR

OneBlog

by OneBlog

CVEs (7)

  • CVE-2024-54954HigFeb 10, 2025
    risk 0.52cvss 8.0epss 0.00

    OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.

  • CVE-2021-46085MedJan 25, 2022
    risk 0.42cvss 6.5epss 0.01

    OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.

  • CVE-2024-29473MedMar 20, 2024
    risk 0.40cvss 6.1epss 0.00

    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.

  • CVE-2024-29469MedMar 20, 2024
    risk 0.40cvss 6.1epss 0.00

    A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.

  • CVE-2024-29472MedMar 20, 2024
    risk 0.35cvss 5.4epss 0.00

    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.

  • CVE-2024-29471MedMar 20, 2024
    risk 0.35cvss 5.4epss 0.00

    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.

  • CVE-2021-46025MedJan 19, 2022
    risk 0.35cvss 5.4epss 0.01

    A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. via the add function in the operation tab list in the background.