Product: Zrlog (Zrlog)

Repositories: Unknown. This might be proprietary software.
#Vulnerabilities 11

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-19 | CVE-2018-17079 | An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. | Zrlog | 6.1 | | |
| 2023-08-11 | CVE-2020-27514 | Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | Zrlog | 9.1 | | |
| 2023-06-20 | CVE-2020-21052 | Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickname parameter of the /post/addComment function. | Zrlog | 6.1 | | |
| 2021-11-28 | CVE-2021-44093 | A Remote Command Execution vulnerability in the background of zrlog 2.2.2, at the upload avatar function, could bypass the original limit and upload a JSP file to get a WebShell. | Zrlog | 9.8 | | |
| 2021-11-28 | CVE-2021-44094 | ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function; it could execute any JAR file. | Zrlog | 7.8 | | |
| 2021-06-29 | CVE-2020-18066 | Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment. | Zrlog | 6.1 | | |
| 2021-06-15 | CVE-2020-21316 | A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. | Zrlog | 6.1 | | |
| 2020-08-25 | CVE-2020-19005 | zrlog v2.1.0 has a vulnerability with the permission check. If an admin account is logged in, other unauthorized users can download the database backup file directly. | Zrlog | N/A | | |
| 2019-09-20 | CVE-2019-16643 | An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area. | Zrlog | N/A | | |
| 2019-03-07 | CVE-2018-17421 | An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | Zrlog | 6.1 | | |