
CVE-2022-23916
https://notcve.org/view.php?id=CVE-2022-23916
24 Feb 2022 — Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-24374. • https://developer.a-blogcms.jp/blog/news/security-202202.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-23810
https://notcve.org/view.php?id=CVE-2022-23810
24 Feb 2022 — Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. • https://developer.a-blogcms.jp/blog/news/security-202202.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-21142
https://notcve.org/view.php?id=CVE-2022-21142
24 Feb 2022 — Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. • https://developer.a-blogcms.jp/blog/news/security-202202.html • CWE-290: Authentication Bypass by Spoofing

CVE-2019-6033
https://notcve.org/view.php?id=CVE-2019-6033
26 Dec 2019 — Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN10377257/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-6034
https://notcve.org/view.php?id=CVE-2019-6034
26 Dec 2019 — a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. • http://jvn.jp/en/jp/JVN10377257/index.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2016-1178
https://notcve.org/view.php?id=CVE-2016-1178
12 Apr 2017 — The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. • http://jvn.jp/en/jp/JVN03975805/index.html • CWE-284: Improper Access Control

CVE-2016-1179
https://notcve.org/view.php?id=CVE-2016-1179
12 Apr 2017 — Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. • http://jvn.jp/en/jp/JVN73166466/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2292
https://notcve.org/view.php?id=CVE-2009-2292
01 Jul 2009 — Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN42927215/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')