Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2020-18066

Disclosure Date: June 29, 2021 (last updated February 22, 2025)
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-19005

Disclosure Date: August 25, 2020 (last updated February 22, 2025)
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0