← Back

Javaweb Blog

javaweb_blog

Vendor: Javaweb Blog Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-40037
1Javaweb Blog Project
1Javaweb Blog
Apr 2, 2025
Jan 26, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
CVE-2022-40034
1Javaweb Blog Project
1Javaweb Blog
Apr 3, 2025
Jan 23, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.