CVE-2018-18381: XSS
First published: Tue Oct 16 2018(Updated: )
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zblogcn Z-blogphp | =1.5.2.1935 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for Z-BlogPHP?
The vulnerability ID for Z-BlogPHP is CVE-2018-18381.
What is the severity of CVE-2018-18381?
CVE-2018-18381 has a severity rating of medium with a CVSS score of 5.4.
How does the stored XSS vulnerability in Z-BlogPHP occur?
The stored XSS vulnerability in Z-BlogPHP occurs in the zb_system/function/c_system_admin.php file when uploading image attachments using the Content-Type header.
What is the affected version of Z-BlogPHP for CVE-2018-18381?
The affected version of Z-BlogPHP for CVE-2018-18381 is 1.5.2.1935 (Zero).
Is there a fix available for CVE-2018-18381?
There is no specific fix available for CVE-2018-18381, but it is recommended to update to a newer version of Z-BlogPHP to address this vulnerability.
- collector/nvd-index
- agent/severity
- agent/author
- vendor/zblogcn
- canonical/zblogcn z-blogphp
- version/zblogcn z-blogphp/1.5.2.1935