Vulnerabilities > Dotnetblogengine

DATE	CVE	VULNERABILITY TITLE	RISK
2019-07-03	CVE-2019-10721	Open Redirect vulnerability in Dotnetblogengine Blogengine.Net 3.3.7.0 BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. network dotnetblogengine CWE-601	5.8
2019-07-03	CVE-2019-10717	Path Traversal vulnerability in Dotnetblogengine Blogengine.Net 3.3.7.0 BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. network low complexity dotnetblogengine CWE-22	5.5
2019-06-21	CVE-2019-11392	XXE vulnerability in Dotnetblogengine Blogengine.Net BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. network low complexity dotnetblogengine CWE-611	5.0
2019-06-21	CVE-2019-10720	Path Traversal vulnerability in Blogengine Blogengine.Net BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. network low complexity dotnetblogengine blogengine CWE-22	6.5
2019-06-21	CVE-2019-10719	Path Traversal vulnerability in Dotnetblogengine Blogengine.Net BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. network low complexity dotnetblogengine CWE-22	6.5
2019-06-21	CVE-2019-10718	XXE vulnerability in Dotnetblogengine Blogengine.Net BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. network low complexity dotnetblogengine CWE-611	5.0
2014-01-03	CVE-2013-6953	Information Exposure vulnerability in Dotnetblogengine Blogengine.Net BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. network low complexity dotnetblogengine CWE-200	5.0
2009-03-16	CVE-2008-6476	Cross-Site Scripting vulnerability in Dotnetblogengine Blogengine.Net Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter. network dotnetblogengine CWE-79	4.3

Vulnerabilities > Dotnetblogengine {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dotnetblogengine"}]}

Vulnerabilities > Dotnetblogengine