ID CVE-2018-11208
Summary ** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
misc https://github.com/zblogcn/zblogphp/issues/187
Last major update 16-05-2018 - 11:29
Published 16-05-2018 - 11:29
Last modified 16-05-2018 - 11:29
Back to Top