zrlog CVE Vulnerabilities & Metrics

Focus on zrlog vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About zrlog Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with zrlog. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total zrlog CVEs: 11
Earliest CVE date: 07 Mar 2019, 23:29 UTC
Latest CVE date: 11 Aug 2023, 14:15 UTC

Latest CVE reference: CVE-2020-27514

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical zrlog CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.09

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	6
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS zrlog CVEs

These are the five CVEs with the highest CVSS scores for zrlog, sorted by severity first and recency.

CVE-2021-44093 zrlog Published on 28 Nov 2021, 21:15 UTC (CVSS: 7.5)
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
CVE-2021-44094 zrlog Published on 28 Nov 2021, 21:15 UTC (CVSS: 6.8)
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVE-2018-17420 zrlog Published on 07 Mar 2019, 23:29 UTC (CVSS: 6.5)
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
CVE-2020-18066 zrlog Published on 29 Jun 2021, 18:15 UTC (CVSS: 4.3)
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
CVE-2020-21316 zrlog Published on 15 Jun 2021, 20:15 UTC (CVSS: 4.3)
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

All CVEs for zrlog

CVE-2020-27514 zrlog vulnerability CVSS: 0 11 Aug 2023, 14:15 UTC

Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).

CVE-2020-21052 zrlog vulnerability CVSS: 0 20 Jun 2023, 15:15 UTC

Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.

CVE-2021-44094 zrlog vulnerability CVSS: 6.8 28 Nov 2021, 21:15 UTC

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file

CVE-2021-44093 zrlog vulnerability CVSS: 7.5 28 Nov 2021, 21:15 UTC

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell

CVE-2020-18066 zrlog vulnerability CVSS: 4.3 29 Jun 2021, 18:15 UTC

Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.

CVE-2020-21316 zrlog vulnerability CVSS: 4.3 15 Jun 2021, 20:15 UTC

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

CVE-2020-19005 zrlog vulnerability CVSS: 3.5 25 Aug 2020, 22:15 UTC

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.

CVE-2019-16643 zrlog vulnerability CVSS: 3.5 20 Sep 2019, 16:15 UTC

An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.

CVE-2018-17079 zrlog vulnerability CVSS: 4.3 19 Jun 2019, 18:15 UTC

An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.

CVE-2018-17421 zrlog vulnerability CVSS: 4.3 07 Mar 2019, 23:29 UTC

An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.

CVE-2018-17420 zrlog vulnerability CVSS: 6.5 07 Mar 2019, 23:29 UTC

An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.