
CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• https://gitee.com/zhenfeng13/My-Blog/issues/I6PV4U
• https://vuldb.com/?ctiid.225264
• https://vuldb.com/?id.225264
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function.
• https://gitee.com/zhenfeng13/My-Blog/issues/I6GDTU
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

File upload vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.
• https://github.com/rawchen/blog-ssm/issues/3
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
• https://github.com/rawchen/blog-ssm/issues/2
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.
• https://github.com/rawchen/blog-ssm/issues/5