Mblog Project: >> Mblog >> 3.5.0 Security Vulnerabilities
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-05-08
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-20
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-01
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-01
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-01
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-01