133 matches found
GHSA-4249-GJR8-JPQ3 Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...
Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...
CVE-2025-64501
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
CVE-2025-64501
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
CVE-2025-64501
Summary: CVE-2025-64501 affects the ProsemirrorToHtml gem used to convert ProseMirror JSON to HTML. In versions 0.2.0 and earlier, it is vulnerable to Cross-Site Scripting (XSS) through malicious HTML attribute values because attribute values aren’t escaped, while tag content is. Impact applies t...
EUVD-2025-50824
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...
EUVD-2025-38038
Cross-Site Scripting XSS vulnerability through unescaped HTML attribute values...
GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...
EUVD-2019-19375
Malware in sbrugna...
EUVD-2005-1640
Malware in sbrugna...
EUVD-2017-0060
Malware in sbrugna...
CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
SUSE-SU-2025:02350-2 Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
Security update for kubernetes1.26
This update for kubernetes1.26 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.27
This update for kubernetes1.27 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.24
This update for kubernetes1.24 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...