Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug.
References
Link | Resource |
---|---|
https://github.com/zblogcn/zblogphp/issues/185 | Exploit Third Party Advisory |
https://github.com/zblogcn/zblogphp/issues/205 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-02T19:00:00
Updated: 2019-03-19T20:41:32
Reserved: 2018-05-02T00:00:00
Link: CVE-2018-10680
JSON object: View
NVD Information
Status : Modified
Published: 2018-05-02T19:29:00.527
Modified: 2024-05-17T01:22:09.580
Link: CVE-2018-10680
JSON object: View
Redhat Information
No data.
CWE