zrlog 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection、vendor risk ssrf, and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise、ファイル上書き, and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-45872 | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. | [email protected] | 9.8 | 0.39% | 2025-07-01 | 2025-08-14 |
| CVE-2020-27514 | Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | [email protected] | 9.1 | 1.14% | 2023-08-11 | 2024-11-21 |
| CVE-2020-21052 | Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. | [email protected] | 6.1 | 0.17% | 2023-06-20 | 2024-12-10 |
| CVE-2021-44094 | ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file | [email protected] | 7.8 | 1.20% | 2021-11-28 | 2024-11-21 |
| CVE-2021-44093 | A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell | [email protected] | 9.8 | 4.52% | 2021-11-28 | 2024-11-21 |
| CVE-2020-18066 | Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | [email protected] | 6.1 | 0.20% | 2021-06-29 | 2024-11-21 |
| CVE-2020-21316 | A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel. | [email protected] | 6.1 | 0.86% | 2021-06-15 | 2024-11-21 |
| CVE-2020-19005 | zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly. | [email protected] | 5.7 | 0.19% | 2020-08-25 | 2024-11-21 |
| CVE-2019-16643 | An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | [email protected] | 5.4 | 0.26% | 2019-09-20 | 2024-11-21 |
| CVE-2018-17079 | An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. | [email protected] | 6.1 | 0.22% | 2019-06-19 | 2024-11-21 |
| CVE-2018-17421 | An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | [email protected] | 6.1 | 0.24% | 2019-03-07 | 2024-11-21 |
| CVE-2018-17420 | An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | [email protected] | 7.2 | 0.27% | 2019-03-07 | 2024-11-21 |