Vulnerabilities > Blogotext Project

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-20	CVE-2017-17794	Unspecified vulnerability in Blogotext Project Blogotext validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. network low complexity blogotext-project critical	9.8
2017-12-20	CVE-2017-17793	Information Exposure vulnerability in Blogotext Project Blogotext Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). network low complexity blogotext-project CWE-200	7.5
2017-12-20	CVE-2017-17792	Cross-site Scripting vulnerability in Blogotext Project Blogotext Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. network low complexity blogotext-project CWE-79	6.1
2017-10-02	CVE-2017-14957	Cross-site Scripting vulnerability in Blogotext Project Blogotext Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. network low complexity blogotext-project CWE-79	6.1

Vulnerabilities > Blogotext Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Blogotext Project"}]}