CVE-2025-2835

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2017-15029

MEDIUM
CVSS:4.3(Medium)

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CWE-9182017

CVE-2017-18036

MEDIUM
CVSS:4.3(Medium)

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Requ...

CWE-9182017

CVE-2018-1000185

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET...

CWE-9182018

CVE-2018-17450

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integra...

CWE-9182018

CVE-2018-1999039

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an att...

CWE-9182018

CVE-2019-1003020

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET ...

CWE-9182019