Vulnerabilities > Zrlog
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-11 | CVE-2020-27514 | Path Traversal vulnerability in Zrlog 2.1.5 Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | 9.1 |
2023-06-20 | CVE-2020-21052 | Cross-site Scripting vulnerability in Zrlog 2.1.3 Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. | 6.1 |
2021-11-28 | CVE-2021-44093 | Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2 A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell | 9.8 |
2021-11-28 | CVE-2021-44094 | Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2 ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file | 7.8 |
2021-06-29 | CVE-2020-18066 | Cross-site Scripting vulnerability in Zrlog 2.1.0 Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | 6.1 |
2021-06-15 | CVE-2020-21316 | Cross-site Scripting vulnerability in Zrlog 2.1.3 A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel. | 6.1 |
2020-08-25 | CVE-2020-19005 | Incorrect Authorization vulnerability in Zrlog 2.1.0 zrlog v2.1.0 has a vulnerability with the permission check. | 5.7 |
2019-09-20 | CVE-2019-16643 | Cross-site Scripting vulnerability in Zrlog 2.0.1 An issue was discovered in ZrLog 2.1.1. | 5.4 |
2019-06-19 | CVE-2018-17079 | Cross-site Scripting vulnerability in Zrlog 2.0.1 An issue was discovered in ZRLOG 2.0.1. | 6.1 |
2019-03-07 | CVE-2018-17421 | Cross-site Scripting vulnerability in Zrlog 2.0.3 An issue was discovered in ZrLog 2.0.3. | 6.1 |