Vulnerabilities

CVE-2018-10680

by Fred · 02/05/2018

** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings –> Basic setting –> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug."

Date published : 2018-05-02

https://github.com/zblogcn/zblogphp/issues/205

https://github.com/zblogcn/zblogphp/issues/185

Similar

Tags: Cybersecurity Alert