Vulnerabilities > Blogengine

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-33404 Unrestricted Upload of File with Dangerous Type vulnerability in Blogengine Blogengine.Net
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
network
low complexity
blogengine CWE-434
critical
9.8
2023-06-21 CVE-2023-33405 Open Redirect vulnerability in Blogengine Blogengine.Net
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
network
low complexity
blogengine CWE-601
6.1
2023-03-06 CVE-2023-22856 Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.
network
low complexity
blogengine CWE-79
5.4
2023-03-06 CVE-2023-22857 Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.
network
low complexity
blogengine CWE-79
5.4
2023-03-06 CVE-2023-22858 Unspecified vulnerability in Blogengine Blogengine.Net 3.3.8.0
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
network
low complexity
blogengine
5.3
2023-01-18 CVE-2022-41417 Missing Authorization vulnerability in Blogengine Blogengine.Net 3.3.8.0
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
network
low complexity
blogengine CWE-862
critical
9.8
2022-12-19 CVE-2022-41418 Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
network
low complexity
blogengine CWE-22
7.2
2022-09-02 CVE-2022-36600 Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts.
network
low complexity
blogengine CWE-79
4.8
2022-05-18 CVE-2022-28921 Cross-Site Request Forgery (CSRF) vulnerability in Blogengine Blogengine.Net 3.3.8.0
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server.
network
low complexity
blogengine CWE-352
6.5
2022-05-13 CVE-2022-25591 Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request.
network
low complexity
blogengine CWE-22
critical
9.1