VYPR

OneBlog

by zhangyd-c

CVEs (8)

  • CVE-2022-34012 | Med | Jun 23, 2022
    risk 0.42 | cvss 6.5 | epss 0.01

    Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges.

  • CVE-2025-2833 | Med | Mar 27, 2025
    risk 0.35 | cvss 5.3 | epss 0.01

    A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is…

  • CVE-2021-46025 | Med | Jan 19, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    A Cross-Site Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8 via the add function in the operation tab list in the background.

  • CVE-2025-2835 | Med | Mar 27, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack…

  • CVE-2022-34013 | Med | Jun 23, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.

  • CVE-2022-34011 | Med | Jun 23, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.

  • CVE-2025-60355 | Oct 28, 2025
    risk 0.00 | cvss | epss 0.00

    zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

  • CVE-2025-56264 | Sep 16, 2025
    risk 0.00 | cvss | epss 0.00

    The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.