Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18066 | 1 Zrlog | 1 Zrlog | 2021-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | |||||
| CVE-2020-21316 | 1 Zrlog | 1 Zrlog | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel. | |||||
| CVE-2020-19005 | 1 Zrlog | 1 Zrlog | 2020-09-03 | 3.5 LOW | 5.7 MEDIUM |
| zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly. | |||||
| CVE-2019-16643 | 1 Zrlog | 1 Zrlog | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | |||||
| CVE-2018-17079 | 1 Zrlog | 1 Zrlog | 2019-06-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. | |||||
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2019-03-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | |||||