OneBlog
by OneBlog
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54954 | | High | 0.52 | 8.0 | 0.00 | | Feb 10, 2025 | OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. |
| CVE-2021-46085 | | Medium | 0.42 | 6.5 | 0.01 | | Jan 25, 2022 | OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. |
| CVE-2024-29473 | | Medium | 0.40 | 6.1 | 0.00 | | Mar 20, 2024 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. |
| CVE-2024-29469 | | Medium | 0.40 | 6.1 | 0.00 | | Mar 20, 2024 | A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. |
| CVE-2024-29472 | | Medium | 0.35 | 5.4 | 0.00 | | Mar 20, 2024 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. |
| CVE-2024-29471 | | Medium | 0.35 | 5.4 | 0.00 | | Mar 20, 2024 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. |
| CVE-2021-46025 | | Medium | 0.35 | 5.4 | 0.01 | | Jan 19, 2022 | A Cross Site Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8 via the add function in the operation tab list in the background. |