Skip to main content

Perfreeblog CVE-2023-29643

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-05-01 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 01, 2023 - 16:15 nvd
MEDIUM 5.4

DescriptionNVD

Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.

AnalysisAI

Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. Affected products include: Perfree Perfreeblog.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-30333 CRITICAL POC
9.8 May 18

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attacke

CVE-2023-27757 CRITICAL POC
9.8 Mar 15

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to

CVE-2025-29281 HIGH POC
8.8 Apr 15

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component

CVE-2025-60730 HIGH POC
7.6 Oct 24

Arbitrary file deletion in PerfreeBlog 4.0.11 lets attackers remove files outside the intended theme directory by abusin

CVE-2023-40825 HIGH POC
7.2 Aug 28

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in

CVE-2025-60729 MEDIUM POC
5.3 Oct 24

Arbitrary file read in PerfreeBlog v4.0.11 allows unauthenticated remote attackers to read files outside the intended we

CVE-2025-29280 MEDIUM POC
4.8 Apr 15

Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system

CVE-2025-60735 HIGH
7.6 Oct 24

Arbitrary file upload in PerfreeBlog 4.0.11 lets an authenticated user abuse the installPlugin function to upload malici

CVE-2025-60731 HIGH
7.6 Oct 24

Arbitrary file upload in PerfreeBlog v4.0.11 lets an authenticated attacker abuse the installTheme function to upload ma

CVE-2025-29421 HIGH POC
7.5 Aug 25

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. Rated high severity (C

CVE-2025-29420 HIGH POC
7.5 Aug 25

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. Rated high severity (CV

CVE-2025-5164 MEDIUM POC
6.3 May 26

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. Rated medium severity (CVSS 6.3), th

Share

CVE-2023-29643 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy