Vulnerabilities > Zrlog

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2020-27514 Path Traversal vulnerability in Zrlog 2.1.5
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).
network
low complexity
zrlog CWE-22
critical
 9.1
9.1
2023-06-20 CVE-2020-21052 Cross-site Scripting vulnerability in Zrlog 2.1.3
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
network
low complexity
zrlog CWE-79
6.1
6.1
2021-11-28 CVE-2021-44093 Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
network
low complexity
zrlog CWE-434
critical
 9.8
9.8
2021-11-28 CVE-2021-44094 Unrestricted Upload of File with Dangerous Type vulnerability in Zrlog 2.2.2
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
local
low complexity
zrlog CWE-434
7.8
7.8
2021-06-29 CVE-2020-18066 Cross-site Scripting vulnerability in Zrlog 2.1.0
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
network
low complexity
zrlog CWE-79
6.1
6.1
2021-06-15 CVE-2020-21316 Cross-site Scripting vulnerability in Zrlog 2.1.3
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.
network
low complexity
zrlog CWE-79
6.1
6.1
2020-08-25 CVE-2020-19005 Incorrect Authorization vulnerability in Zrlog 2.1.0
zrlog v2.1.0 has a vulnerability with the permission check.
network
low complexity
zrlog CWE-863
5.7
5.7
2019-09-20 CVE-2019-16643 Cross-site Scripting vulnerability in Zrlog 2.0.1
An issue was discovered in ZrLog 2.1.1.
network
low complexity
zrlog CWE-79
5.4
5.4
2019-06-19 CVE-2018-17079 Cross-site Scripting vulnerability in Zrlog 2.0.1
An issue was discovered in ZRLOG 2.0.1.
network
low complexity
zrlog CWE-79
6.1
6.1
2019-03-07 CVE-2018-17421 Cross-site Scripting vulnerability in Zrlog 2.0.3
An issue was discovered in ZrLog 2.0.3.
network
low complexity
zrlog CWE-79
6.1
6.1