Zhyd Oneblog
14 CVEs affecting Zhyd Oneblog. Latest disclosed: 2025-10-28. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-60355 | Critical | 9.8 | 2025-10-28 | zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. |
| CVE-2024-54954 | High | 8.0 | 2025-02-10 | OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. |
| CVE-2025-56264 | High | 7.5 | 2025-09-16 | The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. |
| CVE-2022-34012 | Medium | 6.5 | 2022-06-23 | Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges. |
| CVE-2024-29473 | Medium | 6.1 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. |
| CVE-2024-29470 | Medium | 6.1 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. |
| CVE-2024-29469 | Medium | 6.1 | 2024-03-20 | A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in… |
| CVE-2024-29474 | Medium | 5.4 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. |
| CVE-2024-29472 | Medium | 5.4 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. |
| CVE-2024-29471 | Medium | 5.4 | 2024-03-20 | OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. |
| CVE-2025-2833 | Medium | 5.3 | 2025-03-27 | A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header… |
| CVE-2025-2835 | Medium | 4.3 | 2025-03-27 | A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the… |
| CVE-2022-34013 | Medium | 4.3 | 2022-06-23 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. |
| CVE-2022-34011 | Medium | 4.3 | 2022-06-23 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. |