Product

zrlog

12 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-45872
all versions
zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.
9.8 CRITICAL
CVE-2020-27514
all versions
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attack
9.1 CRITICAL
CVE-2020-21052
all versions
Cross Site Scripting vulnerability in zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame param
6.1 MEDIUM
CVE-2021-44094
all versions
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
7.8 HIGH
CVE-2021-44093
all versions
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the origina
9.8 CRITICAL
CVE-2020-18066
all versions
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
6.1 MEDIUM
CVE-2020-21316
all versions
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject a
6.1 MEDIUM
CVE-2020-19005
all versions
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download t
5.7 MEDIUM
CVE-2019-16643
all versions
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
5.4 MEDIUM
CVE-2018-17079
all versions
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
6.1 MEDIUM
CVE-2018-17421
all versions
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
6.1 MEDIUM
CVE-2018-17420
all versions
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywor
7.2 HIGH
threatengine.sh