CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. • https://github.com/xpleaf/Blog_mini/issues/44 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. • https://github.com/xpleaf/Blog_mini/issues/44 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged-in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them into opening a malicious link. • https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. • https://github.com/BigTiger2020/Fantastic-Blog-CMS-/blob/main/Fantastic-Blog-CMS-2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to category.php. • https://github.com/BigTiger2020/Fantastic-Blog-CMS-/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')