Browse all 4 CVE security advisories affecting photoweblog. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Photoweblog serves as a content management system for photo-centric blogs, enabling users to publish and manage visual content online. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with four CVEs documented. The platform's security posture has been compromised through insufficient input validation and improper access controls, allowing attackers to execute arbitrary code or escalate privileges. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities in its codebase suggests potential risks for unpatched installations, emphasizing the need for regular updates and security hardening measures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4429 | OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute — OSM – OpenStreetMapCWE-79 | 6.4 | Medium | 2026-04-09 |
| CVE-2024-8991 | OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes — OSM – OpenStreetMapCWE-79 | 6.4 | Medium | 2024-09-27 |
| CVE-2024-3604 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) SQL Injection — OSM – OpenStreetMapCWE-89 | 9.9 | Critical | 2024-07-09 |
| CVE-2024-3603 | OSM – OpenStreetMap <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — OSM – OpenStreetMapCWE-79 | 6.4 | Medium | 2024-07-09 |
This page lists every published CVE security advisory associated with photoweblog. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.