Browse all 3 CVE security advisories affecting BlogEngine.NET. AI-powered Chinese analysis, POCs, and references for each vulnerability.
BlogEngine.NET serves as an open-source .NET blogging platform enabling content management and publication. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from input validation failures and insecure default configurations. The platform has accumulated three CVEs, with notable issues including authenticated RCE through improper access controls and XSS in comment functionality. While no major public security incidents have been widely documented, the consistent discovery of flaws underscores the importance of timely updates and hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-22858 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 — BlogEngine.NETCWE-862 | 5.3 | Medium | 2023-03-06 |
| CVE-2023-22857 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 — BlogEngine.NETCWE-79 | 8.5 | High | 2023-03-06 |
| CVE-2023-22856 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 — BlogEngine.NETCWE-79 | 8.5 | High | 2023-03-06 |
This page lists every published CVE security advisory associated with BlogEngine.NET. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.