VYPR

ZrLog

by ZrLog

Source repositories

CVEs (13)

  • CVE-2025-45872CriJul 1, 2025
    risk 0.64cvss 9.8epss 0.00

    zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.

  • CVE-2021-44093CriNov 28, 2021
    risk 0.64cvss 9.8epss 0.03

    A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell

  • CVE-2020-27514CriAug 11, 2023
    risk 0.59cvss 9.1epss 0.01

    Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).

  • CVE-2021-44094HigNov 28, 2021
    risk 0.51cvss 7.8epss 0.01

    ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file

  • CVE-2018-17420HigMar 7, 2019
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.

  • CVE-2020-21052MedJun 20, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.

  • CVE-2020-18066MedJun 29, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.

  • CVE-2018-17079MedJun 19, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.

  • CVE-2018-17421MedMar 7, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.

  • CVE-2019-16643MedSep 20, 2019
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

  • CVE-2025-9591LowAug 28, 2025
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may…

  • CVE-2020-21316MedJun 15, 2021
    risk 0.00cvss 6.1epss 0.01

    A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

  • CVE-2020-19005MedAug 25, 2020
    risk 0.00cvss 5.7epss 0.01

    zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.