CVE-2023-6142
Dev blog v1.0 allows an attacker to exploit XSS through an unrestricted file upload combined with low-entropy (guessable) upload filenames. An attacker can upload a malicious HTML file, guess the name it was stored under, and send that URL to a potential victim...
CVE-2023-6144
Dev blog v1.0 allows an attacker to take over accounts through the "user" cookie: the cookie value is trusted as the identity, so an attacker can access any user's session just by knowing their username...
CVE-2023-6142 Dev Blog v1.0 - Stored XSS
CVE-2023-6142
Dev Blog v1.0 is affected by an XSS vulnerability triggered via an unrestricted file upload with poor filename entropy. An attacker can upload a malicious HTML file and then guess the filename to deliver it to a victim. Affected component: Dev Blog (Node.js/Express/MongoDB) v1.0; root cause: lack...
CVE-2023-6144 Dev Blog v1.0 - ATO
PT-2023-32542 · Dev Blog · Dev Blog
Name of the Vulnerable Software and Affected Versions: Dev blog version 1.0 Description: The issue allows for an account takeover through the user cookie, enabling an attacker to access any user's session by knowing their username. Recommendations: For Dev blog version 1.0, consider disabling the...
blog.milkyshadows.net Cross Site Scripting vulnerability OBB-3783182
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Raise Mag <= 1.0.7 and Wishful Blog <= 2.0.1 - Reflected XSS
Description The themes do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-28621
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag and Wishfulthemes Wishful Blog themes allows Reflected XSS. This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1...
CVE-2023-28621
CVE-2023-28621 is an XSS (Reflected) vulnerability in WordPress themes Raise Mag (<= 1.0.7) and Wishful Blog (
CVE-2023-28621 WordPress Raise Mag Theme <= 1.0.7 and Wishful Blog theme <= 2.0.1 are vulnerable to Cross Site Scripting (XSS)
What Else Can You Do to Defend Against Bots?
...
Improper Access Control
microweber/microweber is vulnerable to Improper Access Control. This vulnerability exists because it does not properly restrict a user from commenting on an unpublished blog...
CVE-2023-43979
ETS Soft ybcblog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component YbcblogBlogModuleFrontController::getPosts...
PrestaShop BLOG Drive High Traffic Boost SEO Security Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides multiple payment methods, SMS alerts and product image zoom and other features. A security vulnerability exists in PrestaShop BLOG Drive High Traffic Boost SEO prior to v4.4.0, which...
PT-2023-29054 · Ets Soft · Ybc Blog
Name of the Vulnerable Software and Affected Versions: ETS Soft ybcblog versions prior to 4.4.0 Description: The issue is a SQL injection vulnerability. It affects the component YbcblogBlogModuleFrontController, specifically the function getPosts. Recommendations: For versions prior ...
CVE-2023-36025
| creationtimestamp | type | source |
|---|---|---|
| 2023-11-14 21:10:02+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 |
| 2023-11-15 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1160 |
| 2023-11-15 12:34:59+00:00 | seen | https://t.me/truesecator/5085 |
| 2023-11-17 08:13:29+00:00 | ... | ... |
CVE-2023-27445
Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions...