Mblog Project: >> Mblog Security Vulnerabilities
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVSS Score
7.8
EPSS Score
0.01
Published
2023-05-08
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-01-20
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-04-01
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-04-01
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-04-01
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-04-01