validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-12-20 | Updated: 2019-10-03
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).
Max CVSS: 7.5 | EPSS Score: 0.29% | Published: 2017-12-20 | Updated: 2018-01-12
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.
Max CVSS: 6.1 | EPSS Score: 0.13% | Published: 2017-12-20 | Updated: 2018-01-04
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.
Max CVSS: 6.1 | EPSS Score: 0.15% | Published: 2017-10-02 | Updated: 2017-10-06
4 vulnerabilities found