Mblog Project

mblog_project

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-27280 1Mblog Project 1Mblog Jun 17, 2026 May 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVE-2021-46028 1Mblog Project 1Mblog Jun 17, 2026 Jan 20, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
CVE-2020-19619 1Mblog Project 1Mblog Jun 17, 2026 Apr 1, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19618 1Mblog Project 1Mblog Jun 17, 2026 Apr 1, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19617 1Mblog Project 1Mblog Jun 17, 2026 Apr 1, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.
CVE-2020-19616 1Mblog Project 1Mblog Jun 17, 2026 Apr 1, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.