CVE-2019-6034

MEDIUM

a-blog cms 2.8.0-2.8.63 - Cross-Site Scripting

Title source: llm
STIX 2.1

Description

a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://developer.a-blogcms.jp/download/legacy.html
Third Party Advisory x_refsource_misc
http://jvn.jp/en/jp/JVN10377257/index.html

Scores

CVSS v3 6.1
EPSS 0.0066
EPSS Percentile 46.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-74
Status published
Products (1)
appleple/a-blog_cms 2.8.0 - 2.8.64
Published Dec 26, 2019
Tracked Since Feb 18, 2026