Dotnetblogengine Blogengine.net — known CVE vulnerabilities
Every CVE whose affected-product data names Dotnetblogengine Blogengine.net, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2019-10719 — CVSS 8.8 (high): BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to…
CVE-2019-10718 — CVSS 7.5 (high): BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/…
CVE-2019-10721 — CVSS 6.1 (medium): BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Securit…
CVE-2013-6953 — CVSS 5.0 (medium): BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
CVE-2008-6476 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or…