Easy Blog Site

2 CVEs product

CVE-2026-5806 MEDIUM POC This Month

Stored cross-site scripting (XSS) in code-projects Easy Blog Site 1.0 allows authenticated remote attackers to inject malicious scripts via the postTitle parameter in /posts/update.php, potentially compromising user sessions and data integrity. The vulnerability requires user interaction (UI:P) and authentication (PR:L), but carries published exploit code and a moderate CVSS score of 5.1, indicating practical exploitation risk in multi-user blog environments.

XSS PHP Easy Blog Site
NVD VulDB GitHub
CVSS 4.0: 5.1
EPSS: 0.0%
CVE-2026-5805 MEDIUM POC This Month

Remote code execution via SQL injection in code-projects Easy Blog Site up to version 1.0 allows unauthenticated attackers to manipulate the Name parameter in /users/contact_us.php, leading to arbitrary SQL command execution. The vulnerability has a CVSS score of 6.9 with network-based attack vector and low complexity, and publicly available exploit code exists, making this an immediate concern for affected deployments.

SQLi PHP Easy Blog Site
NVD VulDB GitHub
CVSS 4.0: 6.9
EPSS: 0.0%