Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Zrlog Subscribe
Filtered by product Zrlog
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44094 1 Zrlog 1 Zrlog 2021-11-29 6.8 MEDIUM 7.8 HIGH
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVE-2021-44093 1 Zrlog 1 Zrlog 2021-11-29 7.5 HIGH 9.8 CRITICAL
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
CVE-2020-18066 1 Zrlog 1 Zrlog 2021-07-02 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
CVE-2020-21316 1 Zrlog 1 Zrlog 2021-06-21 4.3 MEDIUM 6.1 MEDIUM
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.
CVE-2020-19005 1 Zrlog 1 Zrlog 2020-09-03 3.5 LOW 5.7 MEDIUM
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
CVE-2019-16643 1 Zrlog 1 Zrlog 2019-09-20 3.5 LOW 5.4 MEDIUM
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
CVE-2018-17079 1 Zrlog 1 Zrlog 2019-06-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
CVE-2018-17420 1 Zrlog 1 Zrlog 2019-03-08 6.5 MEDIUM 7.2 HIGH
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
CVE-2018-17421 1 Zrlog 1 Zrlog 2019-03-08 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.