Vulnerabilities > B3Log
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-23049 | Command Injection vulnerability in B3Log Symphony An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 9.8 |
| 2023-02-21 | CVE-2021-32855 | Cross-site Scripting vulnerability in B3Log Vditor Vditor is a browser-side Markdown editor. | 6.1 |
| 2022-03-31 | CVE-2022-0350 | Cross-site Scripting vulnerability in B3Log Vditor Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. | 5.4 |
| 2022-03-14 | CVE-2022-0341 | Cross-site Scripting vulnerability in B3Log Vditor Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. | 3.5 |
| 2022-01-23 | CVE-2021-4103 | Cross-site Scripting vulnerability in B3Log Vditor 0.2.0/1.0.0 Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. | 3.5 |
| 2019-10-10 | CVE-2019-17488 | Cross-site Scripting vulnerability in B3Log Symphony b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | 4.3 |
| 2019-07-18 | CVE-2019-13915 | Injection vulnerability in B3Log Wide b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. | 5.0 |
| 2019-06-20 | CVE-2018-16248 | Cross-site Scripting vulnerability in B3Log Solo 2.9.3 b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request. | 4.3 |
| 2019-06-20 | CVE-2018-16249 | Cross-site Scripting vulnerability in B3Log Symphony In Symphony before 3.3.0, there is XSS in the Title under Post. | 3.5 |
| 2019-02-25 | CVE-2019-9142 | Cross-site Scripting vulnerability in B3Log Symphony An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. | 4.3 |