BlogEngine.NET
Multi-User ASP.NET Blogging Application
I can access the dashboard and change every setting correctly, except the password. It allows me to enter the new password but when I submit the changes I get the...
Line 960: if (_fileStorageProvider == null) Line 961: { Line 962: throw new ProviderException("unable to load default file system Blog Provider"); Line 963: } Line 964: }
I've followed the installation (upload zip to my site, unzip, etc.) and the site loads properly. However, when I attempt to go to the admin page to change the password...
Bumps jQuery.Validation from 1.14.0 to 1.19.4. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Hi team, I have identified a couple of XSS issues, can you please reach out to me at [email protected]? Thanks!
Hi, I have identified an access control issue, can you please reach out to me at [email protected]? Thanks!
It references the script via HTTP instead of HTTPS, causing it not to load when the blog is hosted on HTTPS: https://github.com/BlogEngine/BlogEngine.NET/blob/master/BlogEngine/BlogEngine.NET/Custom/Extensions/Recaptcha/RecaptchaControl.cs#L558
The formdata for the reCAPTCHA is incorrect. Change `var formdata = String.Format(HttpUtility.UrlEncode(this.PrivateKey), HttpUtility.UrlEncode(this.Response), HttpUtility.UrlEncode(this.RemoteIP));` to `var formdata = string.Format("secret=" + this.PrivateKey + "&response=" + this.Response + "&remoteip=" + this.RemoteIP);...
A Cross Site Scripting vulnerability exists in BlogEngine via the Description field in /blogengine/api/posts. Steps to exploit: 1. Login as admin. 2. Navigate to http://127.0.0.1/blogengine/admin/#/content/posts and click on "NEW". 3....
Bumps [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) from 6.0.8 to 13.0.1. Release notes Sourced from Newtonsoft.Json's releases. 13.0.1 New feature - Add JsonSelectSettings with configuration for a regex timeout Change - Remove portable assemblies from...