blogengine blogengine.net

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-33404
<= 3.3.8.0
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.
9.8 CRITICAL
CVE-2023-33405
<= 3.3.8.0
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
6.1 MEDIUM
CVE-2023-22858
all versions
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpubli
5.3 MEDIUM
CVE-2023-22857
all versions
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the secur
8.5 HIGH
CVE-2023-22856
all versions
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the secur
8.5 HIGH
CVE-2022-41417
all versions
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
9.8 CRITICAL
CVE-2022-41418
all versions
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to
7.2 HIGH
CVE-2022-36600
all versions
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. T
4.8 MEDIUM
CVE-2022-28921
all versions
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read a
6.5 MEDIUM
CVE-2022-25591
all versions
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files
9.1 CRITICAL
CVE-2019-10721
all versions
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Servic
6.1 MEDIUM
CVE-2019-10717
all versions
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
7.1 HIGH
CVE-2019-11392
<= 3.3.7
BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
7.5 HIGH
CVE-2019-10720
<= 3.3.7.0
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager.
8.8 HIGH
CVE-2019-10719
<= 3.3.7.0
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, relat
8.8 HIGH
CVE-2019-10718
<= 3.3.7.0
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/Htt
7.5 HIGH
CVE-2018-14485
all versions
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.
9.8 CRITICAL
CVE-2019-6714
<= 3.3.6.0
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.asc
9.8 CRITICAL
CVE-2013-6953
<= 2.8
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd fi
CVE-2008-6476
all versions
Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web scr