RSS   Podatności dla 'Zrlog'   RSS

2021-11-28
 
CVE-2021-44093

CWE-434
 

 
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell

 
 
CVE-2021-44094

CWE-434
 

 
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file

 
2021-06-29
 
CVE-2020-18066

CWE-79
 

 
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.

 
2021-06-15
 
CVE-2020-21316

CWE-79
 

 
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

 
2019-09-20
 
CVE-2019-16643

CWE-79
 

 
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

 
2019-06-19
 
CVE-2018-17079

CWE-79
 

 
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.

 
2019-03-07
 
CVE-2018-17421

CWE-79
 

 
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.

 
 
CVE-2018-17420

CWE-89
 

 
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top