Vulnerabilities > Forestblog Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-16 | CVE-2022-29020 | Cross-site Scripting vulnerability in Forestblog Project Forestblog 20190404 ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar. | 6.1 |
| 2022-01-25 | CVE-2021-46034 | Cross-site Scripting vulnerability in Forestblog Project Forestblog A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box. | 6.1 |