This page lists publicly disclosed CVE vulnerabilities affecting armanidrisi dev_blog (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-6144 | Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username. | [email protected] | 9.1 | 0.07% | 2023-11-21 | 2024-11-21 |
| CVE-2023-6142 | Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim. | [email protected] | 5.4 | 0.11% | 2023-11-21 | 2025-05-19 |