Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Bolo-Blog 2.6.4: Remote Code Execution via Article Title
CVE-2026-4616
Summary
A security flaw in Bolo-Blog 2.6.4 allows hackers to inject malicious code into the system by manipulating article titles. This could let them access sensitive data or take control of your site. Update to the latest version as soon as possible to fix this issue.
Original title
A security flaw has been discovered in bolo-blog 까지 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulatio...
Original description
A security flaw has been discovered in bolo-blog 까지 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
3.3
nvd CVSS3.1
2.4
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 24 Mar 2026 · Updated: 24 Mar 2026 · First seen: 24 Mar 2026