VYPR
Vendor

Forest Blog

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2021-46033CriJan 25, 2022
    risk 0.64cvss 9.8epss 0.01

    In ForestBlog, as of 2021-12-28, File upload can bypass verification.

  • CVE-2020-18964HigMay 11, 2021
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.

  • CVE-2022-29020MedApr 16, 2022
    risk 0.40cvss 6.1epss 0.01

    ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.

  • CVE-2021-46034MedJan 25, 2022
    risk 0.40cvss 6.1epss 0.01

    A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box.

  • CVE-2008-5780Dec 30, 2008
    risk 0.03cvss epss 0.03

    Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.