Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29473 | 1 Zhyd | 1 Oneblog | 2025-04-01 | N/A | 6.1 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. | |||||
| CVE-2025-2835 | 1 Zhyd | 1 Oneblog | 2025-04-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2833 | 1 Zhyd | 1 Oneblog | 2025-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-54954 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 8.0 HIGH |
| OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. | |||||
| CVE-2024-29474 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 5.4 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. | |||||
| CVE-2024-29470 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 6.1 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | |||||
| CVE-2024-29469 | 1 Zhyd | 1 Oneblog | 2025-03-28 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. | |||||
| CVE-2024-29472 | 1 Zhyd | 1 Oneblog | 2025-03-13 | N/A | 5.4 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. | |||||
| CVE-2024-29471 | 1 Zhyd | 1 Oneblog | 2024-11-21 | N/A | 5.4 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. | |||||
| CVE-2022-34013 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. | |||||
| CVE-2022-34012 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. | |||||
| CVE-2022-34011 | 1 Zhyd | 1 Oneblog | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. | |||||