Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| michiel_van_baak | mvblog | 1.2 |
| michiel_van_baak | mvblog | 1.3 |
| michiel_van_baak | mvblog | 1.1 |
| michiel_van_baak | mvblog | 1.5 |
| michiel_van_baak | mvblog | 1.0 |
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| michiel_van_baak | mvblog | 1.2 |
| michiel_van_baak | mvblog | 1.3 |
| michiel_van_baak | mvblog | 1.1 |
| michiel_van_baak | mvblog | 1.5 |
| michiel_van_baak | mvblog | 1.0 |