forestblog_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-3005 | A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.26% | 2025-03-31 | 2026-06-17 |
| CVE-2025-3004 | A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.1 | 0.30% | 2025-03-31 | 2026-06-17 |
| CVE-2024-57498 | Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function. | [email protected] | 4.8 | 0.31% | 2025-02-03 | 2026-06-17 |
| CVE-2023-6887 | A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. | [email protected] | 6.3 | 0.91% | 2023-12-16 | 2026-06-17 |
| CVE-2022-29020 | ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. | [email protected] | 6.1 | 0.53% | 2022-04-15 | 2026-06-17 |
| CVE-2021-46034 | A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box. | [email protected] | 6.1 | 0.58% | 2022-01-25 | 2026-06-17 |
| CVE-2021-46033 | In ForestBlog, as of 2021-12-28, File upload can bypass verification. | [email protected] | 9.8 | 1.16% | 2022-01-25 | 2026-06-17 |
| CVE-2020-18964 | Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges. | [email protected] | 8.8 | 0.55% | 2021-05-11 | 2026-06-16 |