Aggregates CVE and security vulnerability intelligence across all blogotext_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-17794 | validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. | [email protected] | 9.8 | 1.54% | 2017-12-20 | 2026-05-13 |
| CVE-2017-17793 | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). | [email protected] | 7.5 | 1.93% | 2017-12-20 | 2026-05-13 |
| CVE-2017-17792 | Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | [email protected] | 6.1 | 1.00% | 2017-12-20 | 2026-05-13 |
| CVE-2017-14957 | Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog. | [email protected] | 6.1 | 1.05% | 2017-10-02 | 2026-05-13 |