MidnightBSD

Advisories for javaweb_blog_project

CVE-2022-40034

Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.

Products Affected

Vendor Product Version
javaweb_blog_project javaweb_blog 1.0
CVE-2022-40037

An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

Products Affected

Vendor Product Version
javaweb_blog_project javaweb_blog 1.0