Vulnerabilities > B3Log

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-23049 Command Injection vulnerability in B3Log Symphony
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
network
low complexity
b3log CWE-77
critical
9.8
2023-02-21 CVE-2021-32855 Cross-site Scripting vulnerability in B3Log Vditor
Vditor is a browser-side Markdown editor.
network
low complexity
b3log CWE-79
6.1
2022-03-31 CVE-2022-0350 Cross-site Scripting vulnerability in B3Log Vditor
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
network
low complexity
b3log CWE-79
5.4
2022-03-14 CVE-2022-0341 Cross-site Scripting vulnerability in B3Log Vditor
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
network
low complexity
b3log CWE-79
5.4
2022-01-23 CVE-2021-4103 Cross-site Scripting vulnerability in B3Log Vditor 0.2.0/1.0.0
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
network
low complexity
b3log CWE-79
5.4
2019-10-10 CVE-2019-17488 Cross-site Scripting vulnerability in B3Log Symphony
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
network
low complexity
b3log CWE-79
6.1
2019-07-18 CVE-2019-13915 Injection vulnerability in B3Log Wide
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files.
network
low complexity
b3log CWE-74
7.5
2019-06-20 CVE-2018-16248 Cross-site Scripting vulnerability in B3Log Solo 2.9.3
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request.
network
low complexity
b3log CWE-79
6.1
2019-06-20 CVE-2018-16249 Cross-site Scripting vulnerability in B3Log Symphony
In Symphony before 3.3.0, there is XSS in the Title under Post.
network
low complexity
b3log CWE-79
4.8
2019-02-25 CVE-2019-9142 Cross-site Scripting vulnerability in B3Log Symphony
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7.
network
low complexity
b3log CWE-79
6.1