Shodan
Vulnerabilities
Vulnerable Software
Blogengine:  >> Blogengine.net  >> 3.3.8.0  Security Vulnerabilities
CVE-2023-33404
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
CVSS Score
9.8
EPSS Score
0.843
Published
2023-06-26
CVE-2023-33405
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
CVSS Score
6.1
EPSS Score
0.493
Published
2023-06-21
CVE-2023-22858
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-03-06
CVE-2023-22856
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.
CVSS Score
8.5
EPSS Score
0.001
Published
2023-03-06
CVE-2023-22857
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.
CVSS Score
8.5
EPSS Score
0.001
Published
2023-03-06
CVE-2022-41417
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-18
CVE-2022-41418
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-12-19
CVE-2022-36600
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-09-02
CVE-2022-28921
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-05-18
CVE-2022-25591
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request.
CVSS Score
9.1
EPSS Score
0.097
Published
2022-05-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved