Appleple A-Blog Cms vulnerabilities
26 known vulnerabilities affecting appleple/a-blog_cms.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown
CRITICAL 2, HIGH 6, MEDIUM 18
Vulnerabilities
Page 2 of 2
CVE-2024-23183 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | Affected versions: ≤ 2.9.0; ≥ 2.10.0, < 2.10.50; +3 more | 2024-01-23
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in
Source: NVD
CVE-2025-32999 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | Affected versions: ≥ 3.0.0, < 3.0.47; ≥ 3.1.0, < 3.1.43 | 2025-05-19
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who
Source: NVD
CVE-2024-25559 | P4 | MEDIUM | CVSS 4.7 | CWE-601 | Affected versions: ≥ 3.1.0, ≤ 3.1.8 | 2024-02-15
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
Source: NVD
CVE-2024-30420 | P4 | MEDIUM | CVSS 4.4 | CWE-918 | Affected versions: ≥ 3.0.0, < 3.0.32; ≥ 3.1.0, < 3.1.12 | 2024-05-22
Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may obtain arbitrary files on the server and information on the inter
Source: NVD
CVE-2016-1179 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | Affected versions: ≤ 2.6.0.1 | 2017-04-12
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.
Source: NVD
CVE-2019-6033 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | Affected versions: ≥ 2.8.0, < 2.8.64; ≥ 2.9.0, < 2.9.6; +1 more | 2019-12-26
Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: NVD