7.1CVSS
6.8AI Score
0.005EPSS
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and...
6.1CVSS
6.2AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.006EPSS
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and...
7.5CVSS
7.4AI Score
0.012EPSS
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for...
8.8CVSS
9.4AI Score
0.042EPSS
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd...
6.9AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q...
5.9AI Score
0.002EPSS