Zhyd Oneblog

14 CVEs affecting Zhyd Oneblog. Latest disclosed: 2025-10-28. Critical: 1, High: 2.

Top CVEs affecting Zhyd Oneblog
CVESeverityScorePublishedSummary
CVE-2025-60355Critical9.82025-10-28zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2024-54954High8.02025-02-10OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.
CVE-2025-56264High7.52025-09-16The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.
CVE-2022-34012Medium6.52022-06-23Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.
CVE-2024-29473Medium6.12024-03-20OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.
CVE-2024-29470Medium6.12024-03-20OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.
CVE-2024-29469Medium6.12024-03-20A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in…
CVE-2024-29474Medium5.42024-03-20OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.
CVE-2024-29472Medium5.42024-03-20OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.
CVE-2024-29471Medium5.42024-03-20OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
CVE-2025-2833Medium5.32025-03-27A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header…
CVE-2025-2835Medium4.32025-03-27A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the…
CVE-2022-34013Medium4.32022-06-23OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.
CVE-2022-34011Medium4.32022-06-23OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.