Appleple A-blog_cms
26 CVEs affecting Appleple A-blog_cms. Latest disclosed: 2025-05-19. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-21142 | Critical | 9.8 | 2022-02-24 | Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x seri… |
CVE-2024-23348 | High | 8.8 | 2024-01-23 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x s… |
CVE-2024-23180 | High | 8.8 | 2024-01-23 | Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x s… |
CVE-2025-36560 | High | 8.6 | 2025-05-19 | Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gai… |
CVE-2024-23182 | High | 8.1 | 2024-01-23 | Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x ser… |
CVE-2025-31103 | High | 7.5 | 2025-03-31 | Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the pro… |
CVE-2024-31396 | Medium | 6.6 | 2024-05-22 | Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vuln… |
CVE-2024-31394 | Medium | 6.5 | 2024-05-22 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x… |
CVE-2024-27279 | Medium | 6.5 | 2024-03-12 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2… |
CVE-2022-23810 | Medium | 6.5 | 2022-02-24 | Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2… |
CVE-2016-1178 | Medium | 6.5 | 2017-04-12 | The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via u… |
CVE-2024-31395 | Medium | 6.1 | 2024-05-22 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11… |
CVE-2024-23181 | Medium | 6.1 | 2024-01-23 | Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series… |
CVE-2022-24374 | Medium | 6.1 | 2022-02-24 | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x serie… |
CVE-2022-23916 | Medium | 6.1 | 2022-02-24 | Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x serie… |
CVE-2019-6034 | Medium | 6.1 | 2019-12-26 | a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the contex… |
CVE-2019-6033 | Medium | 6.1 | 2019-12-26 | Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows remote a… |
CVE-2016-1179 | Medium | 6.1 | 2017-04-12 | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attacke… |
CVE-2025-32999 | Medium | 5.4 | 2025-05-19 | Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the en… |
CVE-2024-30419 | Medium | 5.4 | 2024-05-22 | Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11… |