Shodan
Vulnerabilities
Vulnerable Software
B3log:  Security Vulnerabilities
CVE-2024-39150
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-05
CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-05-03
CVE-2024-2692
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
CVSS Score
9.0
EPSS Score
0.002
Published
2024-04-04
CVE-2024-23049
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
CVSS Score
9.8
EPSS Score
0.038
Published
2024-02-05
CVE-2021-32855
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-02-21
CVE-2022-0350
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-03-31
CVE-2022-0341
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
CVSS Score
6.6
EPSS Score
0.001
Published
2022-03-14
CVE-2021-4103
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
CVSS Score
6.8
EPSS Score
0.003
Published
2022-01-23
CVE-2019-17488
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-10
CVE-2019-13915
b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. An unzip operation leads to read access, and write access (depending on file permissions), to the symlink target. Third, the attacker can import a Git repository that contains a symlink, similarly leading to read and write access.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved