First published: Tue Oct 16 2018(Updated: )
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zblogcn Z-blogphp | =1.5.2.1935 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Z-BlogPHP is CVE-2018-18381.
CVE-2018-18381 has a severity rating of medium with a CVSS score of 5.4.
The stored XSS vulnerability in Z-BlogPHP occurs in the zb_system/function/c_system_admin.php file when uploading image attachments using the Content-Type header.
The affected version of Z-BlogPHP for CVE-2018-18381 is 1.5.2.1935 (Zero).
There is no specific fix available for CVE-2018-18381, but it is recommended to update to a newer version of Z-BlogPHP to address this vulnerability.