4 matches found
CVE-2024-32472
Excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability exists in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...
CVE-2024-32472 excalidraw vulnerable to a Stored XSS in excalidraw's web embed component
Excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability exists in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrusted string as...
CVE-2024-32472
The CVE-2024-32472 entry details a stored XSS in Excalidraw’s web embeddable component. Two vectors exist: (1) untrusted content rendered as an iframe srcdoc without proper HTML sanitization, and (2) improper sanitization against attribute HTML injection, exacerbated by allow-same-origin in the s...
Enlightenment elevation of privilege vulnerability
Enlightenment is a window manager for the X Window System, which can be used alone or with desktop environments such as GNOME, KDE, and others. A security vulnerability exists in versions of Enlightenment prior to 0.17.6. A local attacker can exploit this vulnerability to gain privileges...