CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6033
https://notcve.org/view.php?id=CVE-2019-6033
26 Dec 2019 — Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en a-blog cms versiones anteriores a Ver.2.10.23 (versiones Ver.2.10.x), Ver.2.9.26 (versiones Ver.2.9.x) y Ver.2.8.64 (versiones Ver.2.8. x), permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores n... • http://jvn.jp/en/jp/JVN10377257/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6034
https://notcve.org/view.php?id=CVE-2019-6034
26 Dec 2019 — a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors. a-blog cms versiones anteriores a Ver.2.10.23 (versiones Ver.2.10.x), Ver.2.9.26 (versiones Ver.2.9.x) y Ver.2.8.64 (versiones Ver.2.8.x), permite scripts arbitrarios para ser ejecutados en el contexto de la aplicación debido a vectores no especificados. • http://jvn.jp/en/jp/JVN10377257/index.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1178
https://notcve.org/view.php?id=CVE-2016-1178
12 Apr 2017 — The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. La sesión de administración de la funcionalidad de comentarios en appleple a-blog cms 2.6.0.1 y versiones anteriores permite a atacantes remotos a obtener o modificar información sensible a través de vectores no especificados. • http://jvn.jp/en/jp/JVN03975805/index.html • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1179
https://notcve.org/view.php?id=CVE-2016-1179
12 Apr 2017 — Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. Vulnerabilidad (XSS) en la plantilla estándar de la funcionalidad de comentarios en appleple a-blog cms 2.6.0.1 y versiones anteriores permite a atacantes remotos a inyectar secuencias de comandos de web o HTML arbitrario. • http://jvn.jp/en/jp/JVN73166466/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •