3 matches found
CVE-2026-3498 BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute
The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute in all versions up to, and including, 2.2.15. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
DEBIAN-CVE-2025-67713
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirecturl as safe when url.Parse....IsAbs is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to...
CVE-2025-67713
Miniflux 2 has an Open Redirect due to protocol-relative redirect_url handling. Versions 2.2.14 and earlier treat redirect_url as safe if url.Parse(...).IsAbs() is false, allowing post-login redirects to attacker-controlled sites (e.g., protocol-relative URLs like //ikotaslabs.com). This is fixed...