Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
112050.5%CRITICAL

Related CVEs

12
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-45872zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.CRITICAL9.832.6%Jul 1, 2025
CVE-2020-27514Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).CRITICAL9.159.0%Aug 11, 2023
CVE-2020-21052Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.MEDIUM6.142.0%Jun 20, 2023
CVE-2021-44094ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR fileHIGH7.8Nov 28, 2021
CVE-2021-44093A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShellCRITICAL9.8Nov 28, 2021
CVE-2020-18066Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.MEDIUM6.143.0%Jun 29, 2021
CVE-2020-21316A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.MEDIUM6.162.1%Jun 15, 2021
CVE-2020-19005zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.MEDIUM5.749.8%Aug 25, 2020
CVE-2019-16643An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.MEDIUM5.443.5%Sep 20, 2019
CVE-2018-17079An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.NONE51.9%Jun 19, 2019
CVE-2018-17421An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.NONE54.1%Mar 7, 2019
CVE-2018-17420An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.NONE67.4%Mar 7, 2019