CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37271 – WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37271
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS.This issue affects Print My Blog: from n/a through 3.27.0. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Michael Nelson Print My Blog permite XSS almacenado. Este problema afecta a Print My Blog: desde n/a hasta 3.27.0. The Print My Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.27.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/print-my-blog/wordpress-print-my-blog-plugin-3-27-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29639
https://notcve.org/view.php?id=CVE-2023-29639
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. • https://github.com/ZHENFENG13/My-Blog/issues/131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29636
https://notcve.org/view.php?id=CVE-2023-29636
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. • https://github.com/ZHENFENG13/My-Blog/issues/131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1937 – zhenfeng13 My-Blog userInfo cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-1937
A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/zhenfeng13/My-Blog/issues/I6PV4U https://vuldb.com/?ctiid.225264 https://vuldb.com/?id.225264 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27093
https://notcve.org/view.php?id=CVE-2023-27093
Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function. • https://gitee.com/zhenfeng13/My-Blog/issues/I6GDTU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •