|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-08-26 | |
| Rule Name: | Z-Blog 1.5.1.1740 XSS Vulnerability (CVE-2018-7736) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | ** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ExploitDB:44406 https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md https://github.com/zblogcn/zblogphp/issues/205 https://packetstormsecurity.com/files/147066/Z-Blog-1.5.1.1740-Cross-Site-Scripting.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.zblogcn.com/ |