Every CVE whose affected-product data names Zrlog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2025-45872 — CVSS 9.8 (critical): zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.
CVE-2021-44093 — CVSS 9.8 (critical): A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit…
CVE-2020-27514 — CVSS 9.1 (critical): Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to…
CVE-2021-44094 — CVSS 7.8 (high): ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVE-2018-17420 — CVSS 7.2 (high): An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords…
CVE-2020-21052 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of…
CVE-2018-17421 — CVSS 6.1 (medium): An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
CVE-2020-18066 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
CVE-2018-17079 — CVSS 6.1 (medium): An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
CVE-2020-21316 — CVSS 6.1 (medium): A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary…
CVE-2020-19005 — CVSS 5.7 (medium): zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the…
CVE-2019-16643 — CVSS 5.4 (medium): An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.