Hello, your site is vulnerable to XSS from the profile about form.

https://status.cafe/users/div

Observe.

I am sorry to inform you of this publicly. Feel free to delete this message.

<img src="x" onerror="window.location.href = 'https://divsel.neocities.org'" />

In the mean time, if you're a user who is interested in mitigating this problem, you can use NoScript Suite to mark JS from this domain as untrusted.

Last edited on 2023-07-13 00:17:44