Vulnerability in Appleple A-blog_cms
CVE-2019-6034
a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.
EPSS: 0.007 (46.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Appleple A-blog_cms
- Appleple Inc. A-blog Cms — versions versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x)
Weakness classification (CWE)
References
- vultures@jpcert.or.jp (x_refsource_MISC, Vendor Advisory)
- vultures@jpcert.or.jp (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-6034?
- CVE-2019-6034 is a medium-severity vulnerability in Appleple A-blog_cms, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.1/10. Published 2019-12-26.
- How severe is CVE-2019-6034?
- Medium severity. CVSS v3 base score is 6.1 out of 10.