CVE-2019-6714 — CVSS 9.8 (critical): An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can…
CVE-2023-33404 — CVSS 9.8 (critical): An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and…
CVE-2022-25591 — CVSS 9.1 (critical): BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within…
CVE-2019-10720 — CVSS 8.8 (high): BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE…
CVE-2023-22856 — CVSS 8.5 (high): A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security…
CVE-2023-22857 — CVSS 8.5 (high): A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security…
CVE-2022-41418 — CVSS 7.2 (high): An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute…
CVE-2022-28921 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary…
CVE-2023-22858 — CVSS 5.3 (medium): An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished…
CVE-2022-36600 — CVSS 4.8 (medium): BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This…