saysky/ForestBlog

saysky/ForestBlog

forestblog.liuyanzhao.com

Releases0

Stars4.72K

一个简单漂亮的SSM(Spring+SpringMVC+Mybatis)博客系统

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-3005 ↗	Mar 31, 2025Monday, 31 March 2025, 18:15	3.5 LOW	4 MEDIUM
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3004 ↗	Mar 31, 2025Monday, 31 March 2025, 17:15	3.5 LOW	4 MEDIUM
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-29020 ↗	Apr 16, 2022Saturday, 16 April 2022, 00:15	6.1 MEDIUM	4.3 MEDIUM
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.
CVE-2021-46034 ↗	Jan 25, 2022Tuesday, 25 January 2022, 16:15	6.1 MEDIUM	4.3 MEDIUM
A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box.
CVE-2021-46033 ↗	Jan 25, 2022Tuesday, 25 January 2022, 15:15	9.8 CRITICAL	7.5 HIGH
In ForestBlog, as of 2021-12-28, File upload can bypass verification.
CVE-2020-18964 ↗	May 11, 2021Tuesday, 11 May 2021, 19:15	8.8 HIGH	6.8 MEDIUM
Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.