dotnetblogengine blogengine.net CVE 漏洞(7)

CVE 數: 7 CPE versions: View versions table

摘要

本頁列出影響 dotnetblogengine blogengine.net 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。

顯示 177 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2019-10721 BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. [email protected] 6.1 0.97% 2019-07-03 2026-06-16
CVE-2019-10717 BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. [email protected] 7.1 5.40% 2019-07-03 2026-06-16
CVE-2019-11392 BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. [email protected] 7.5 1.58% 2019-06-21 2026-06-16
CVE-2019-10719 BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714. [email protected] 8.8 7.60% 2019-06-21 2026-06-16
CVE-2019-10718 BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. [email protected] 7.5 2.66% 2019-06-21 2026-06-16
CVE-2013-6953 BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. [email protected] 5.0 1.31% 2014-01-03 2026-06-16
CVE-2008-6476 Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter. [email protected] 4.3 1.47% 2009-03-16 2026-06-16
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence