langhsu/mblog

langhsu/mblog

Releases5

Frequency1 year 4 months

Last Release about 6 years ago

Stars584

开源免费的Java博客系统, 采用spring-boot、spring-data-jpa、shiro、freemarker、bootstrap等框架, 支持Docker

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-27280 ↗	May 8, 2023Monday, 8 May 2023, 14:15	7.8 HIGH	—
OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVE-2021-46028 ↗	Jan 20, 2022Thursday, 20 January 2022, 00:15	4.3 MEDIUM	4.3 MEDIUM
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, the article will be deleted.
CVE-2020-19618 ↗	Apr 1, 2021Thursday, 1 April 2021, 20:15	5.4 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.
CVE-2020-19619 ↗	Apr 1, 2021Thursday, 1 April 2021, 20:15	5.4 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.
CVE-2020-19616 ↗	Apr 1, 2021Thursday, 1 April 2021, 19:15	5.4 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.
CVE-2020-19617 ↗	Apr 1, 2021Thursday, 1 April 2021, 19:15	5.4 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.