Vulnerabilities > Blogengine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-21 | CVE-2023-33405 | Open Redirect vulnerability in Blogengine Blogengine.Net Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. | 6.1 |
| 2023-03-06 | CVE-2023-22856 | Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. | 5.4 |
| 2023-03-06 | CVE-2023-22857 | Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. | 5.4 |
| 2023-03-06 | CVE-2023-22858 | Unspecified vulnerability in Blogengine Blogengine.Net 3.3.8.0 An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. | 5.3 |
| 2022-09-02 | CVE-2022-36600 | Cross-site Scripting vulnerability in Blogengine Blogengine.Net 3.3.8.0 BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. | 4.8 |
| 2022-05-18 | CVE-2022-28921 | Cross-Site Request Forgery (CSRF) vulnerability in Blogengine Blogengine.Net 3.3.8.0 A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. | 6.5 |