7703 matches found
CVE-2024-28713
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature...
PT-2024-22533
Name of the Vulnerable Software and Affected Versions: Mblog Blog system version 3.5.0. Description: An issue in the theme management feature allows an attacker to execute arbitrary code via a crafted file. Recommendations: For Mblog Blog system version 3.5.0, consider disabling the theme management...
Mblog Security Vulnerability
langhsu mblog is an open-source application system by langhsu: an open-source Java blog system that supports multiple users and theme switching. Mblog v.3.5.0 has a security vulnerability. Attackers can exploit the vulnerability through a specially crafted file on the theme management functio...
CVE-2023-28687
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS. This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: fr...
CVE-2023-28687 Reflected Cross-Site Scripting (XSS) vulnerability in multiple WordPress themes
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS. This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: fr...
CVE-2023-28687
CVE-2023-28687 is a Reflected XSS vulnerability affecting multiple WordPress themes: Glaze Blog Lite (<= 1.1.4), Fascinate (<= 1.0.8), Cream Blog (<= 2.1.3), and Cream Magazine (= 1.1.5, Fascinate >= 1.0.9, Cream Blog >= 2.1.4, and Cream Magazine >= 2.1.5. Patch priority ranges ...
WordPress Plugin Cream Blog Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Noname Security Platform Updates: 3.28 Release
...
Friday Squid Blogging: New Species of Squid Discovered
A new species of squid was discovered, along with about a hundred other species. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Google Pays $10M in Bug Bounties in 2023
BleepingComputer has the details. It's $2M less than in 2022, but it's still a lot. The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program's launch in 2010 has reached $59 million. For Android, the world's most popular and widely used mobile...
OneBlog User Management Module Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the User Management module, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a...
GHSA-55M3-44XF-HG4H GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace
Summary and impact: GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domains. The...
OneBlog Security Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from a lack of effective filtering and escaping of user-supplied data in the User Management module, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a...
OneBlog Security Vulnerability
OneBlog is a Java blog. OneBlog suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the Role Management module, which can be exploited by an attacker to steal the victim's cookie-based authentication credentials...
CVE-2024-1146
Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'...
CVE-2024-1145
User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response...