CVE-2025-29280

Medium CVSS: 4.8

Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code.

Vendor

Perfree

Product

Perfreeblog

CWE

CWE-79

Yayın Tarihi

2025-04-15 14:15:41

Güncelleme

2025-06-24 15:19:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Perfreeblog MEDIUM Perfree 2025

Referanslar

https://github.com/Cray0nLee/CVE/issues/1 https://github.com/Cray0nLee/CVE/issues/1

Benzer Kayıtlar

Medium

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttac…

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

High

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Medium

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.