Shodan
Vulnerabilities
Vulnerable Software
Zhyd:  Security Vulnerabilities
CVE-2025-2835
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-03-27
CVE-2025-2833
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-03-27
CVE-2024-54954
OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.
CVSS Score
8.0
EPSS Score
0.001
Published
2025-02-10
CVE-2024-29469
A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-20
CVE-2024-29470
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-20
CVE-2024-29471
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-20
CVE-2024-29472
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-20
CVE-2024-29473
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-03-20
CVE-2024-29474
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.
CVSS Score
5.4
EPSS Score
0.006
Published
2024-03-20
CVE-2022-34011
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved