Vulnerabilities > Zrlog > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2020-21052 | Cross-site Scripting vulnerability in Zrlog 2.1.3 Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. | 6.1 |
| 2021-06-29 | CVE-2020-18066 | Cross-site Scripting vulnerability in Zrlog 2.1.0 Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | 6.1 |
| 2021-06-15 | CVE-2020-21316 | Cross-site Scripting vulnerability in Zrlog 2.1.3 A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel. | 6.1 |
| 2020-08-25 | CVE-2020-19005 | Incorrect Authorization vulnerability in Zrlog 2.1.0 zrlog v2.1.0 has a vulnerability with the permission check. | 5.7 |
| 2019-09-20 | CVE-2019-16643 | Cross-site Scripting vulnerability in Zrlog 2.0.1 An issue was discovered in ZrLog 2.1.1. | 5.4 |
| 2019-06-19 | CVE-2018-17079 | Cross-site Scripting vulnerability in Zrlog 2.0.1 An issue was discovered in ZRLOG 2.0.1. | 6.1 |
| 2019-03-07 | CVE-2018-17421 | Cross-site Scripting vulnerability in Zrlog 2.0.3 An issue was discovered in ZrLog 2.0.3. | 6.1 |