Vulnerabilities > Dotnetblogengine

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-07-03 | CVE-2019-10721 | Open Redirect vulnerability in Dotnetblogengine Blogengine.Net 3.3.7.0 | BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | | 5.8 |
| 2019-07-03 | CVE-2019-10717 | Path Traversal vulnerability in Dotnetblogengine Blogengine.Net 3.3.7.0 | BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. | network, low complexity, dotnetblogengine, CWE-22 | 5.5 |
| 2019-06-21 | CVE-2019-11392 | XXE vulnerability in Dotnetblogengine Blogengine.Net | BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. | network, low complexity, dotnetblogengine, CWE-611 | 5.0 |
| 2019-06-21 | CVE-2019-10720 | Path Traversal vulnerability in Blogengine Blogengine.Net | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. | network, low complexity, dotnetblogengine, blogengine, CWE-22 | 6.5 |
| 2019-06-21 | CVE-2019-10719 | Path Traversal vulnerability in Dotnetblogengine Blogengine.Net | BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. | network, low complexity, dotnetblogengine, CWE-22 | 6.5 |
| 2019-06-21 | CVE-2019-10718 | XXE vulnerability in Dotnetblogengine Blogengine.Net | BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. | network, low complexity, dotnetblogengine, CWE-611 | 5.0 |
| 2014-01-03 | CVE-2013-6953 | Information Exposure vulnerability in Dotnetblogengine Blogengine.Net | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | network, low complexity, dotnetblogengine, CWE-200 | 5.0 |
| 2009-03-16 | CVE-2008-6476 | Cross-Site Scripting vulnerability in Dotnetblogengine Blogengine.Net | Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter. | | 4.3 |