46 matches found
CVE-2023-25474
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions...
EUVD-2023-29429
Malicious code in bioql PyPI...
CVE-2024-3747
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2025-3397 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB version 3.11.0. Description: A persistent cross-site scripting (XSS) issue allows remote attackers to store arbitrary code in the 'about me' section of their profile. This enables attackers to execute malicious scripts on the website...
CVE-2024-36775
Monstra CMS 3.0.4 is affected by an XSS vulnerability in the Edit Profile page, where crafted payloads placed into the About Me field can execute arbitrary web scripts/HTML. The issue stems from reflecting or injecting content via the About Me parameter, enabling potential code execution in the c...
PT-2024-27158 · Unknown · Monstra Cms
Name of the Vulnerable Software and Affected Versions: Monstra CMS version 3.0.4. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page. This could potentially affe...
Monstra CMS Security Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. An attacker can exploit the vulnerability to execute arbitrary web script or HTML via a specially crafted...
CVE-2024-3747
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin Blocksy Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-27579 · WordPress · Blocksy
Name of the Vulnerable Software and Affected Versions: Blocksy theme for WordPress versions up to, and including, 2.0.39. Description: The issue is related to Stored Cross-Site Scripting via the className parameter in the About Me block due to insufficient input sanitization and output escaping...
WordPress Blocksy theme <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block vulnerability discovered by Ngô Thiên An ancorn in WordPress Theme Blocksy versions <= 2.0.39...
CVE-2023-3369
The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
Cross site scripting
The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
CVE-2023-3369
CVE-2023-3369 refers to the About Me 3000 widget for WordPress. A Stored Cross-Site Scripting (XSS) flaw exists in admin settings for versions up to and including 2.2.6 due to insufficient input sanitization and output escaping. Impact is limited to authenticated attackers with administrator-leve...
PT-2023-24448 · WordPress · About Me 3000
Name of the Vulnerable Software and Affected Versions: About Me 3000 widget plugin for WordPress versions up to, and including, 2.2.6. Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...
WordPress Plugin About Me 3000 widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Scripting (XSS)
Software: About Me 3000 widget; Type: Plugin; Vulnerable versions: <= 2.2.6; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3369; Patch priority: Low; CVSS severity: Low (4.4); Developer: Claim ownership; PSID: 0d4783abf205; Credits: Marco Wotschka; Requir...
CVE-2023-25474
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions...
CVE-2023-25474 WordPress About Me 3000 widget Plugin <= 2.2.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions...