Lucene search
K

133 matches found

OSV
OSV
added 2025/11/13 10:59 p.m.6 views

GHSA-4249-GJR8-JPQ3 Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

8.7CVSS5.9AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/11/13 10:59 p.m.9 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

5.9AI score
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/11 10:44 p.m.6 views

CVE-2025-64501

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.7AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2025/11/10 10:15 p.m.7 views

CVE-2025-64501

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS0.00216EPSS
Exploits0References2
CVE
CVE
added 2025/11/10 9:37 p.m.11 views

CVE-2025-64501

Summary: CVE-2025-64501 affects the ProsemirrorToHtml gem used to convert ProseMirror JSON to HTML. In versions 0.2.0 and earlier, it is vulnerable to Cross-Site Scripting (XSS) through malicious HTML attribute values because attribute values aren’t escaped, while tag content is. Impact applies t...

7.6CVSS5.5AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/10 9:37 p.m.6 views

EUVD-2025-50824

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.4AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2025/11/10 9:37 p.m.5 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.7AI score0.00216EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/11/07 11:17 p.m.10 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

6.8AI score
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/11/06 3:44 p.m.6 views

EUVD-2025-38038

Cross-Site Scripting XSS vulnerability through unescaped HTML attribute values...

5.2AI score
Exploits0References3
OSV
OSV
added 2025/11/06 3:44 p.m.3 views

GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

7.6CVSS5.9AI score0.00216EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-19375

Malware in sbrugna...

6.1CVSS6.1AI score0.00251EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-1640

Malware in sbrugna...

4.3CVSS6.4AI score0.01195EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2017-0060

Malware in sbrugna...

6.1CVSS6AI score0.02141EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2025/09/08 10:2 a.m.6 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS6AI score0.00251EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2025/09/08 10:2 a.m.5 views

CVE-2019-25225

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting XSS. The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...

6.1CVSS5.2AI score0.00251EPSS
Exploits1
OSV
OSV
added 2025/08/01 4:7 p.m.11 views

SUSE-SU-2025:02350-2 Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...

6.5CVSS6.8AI score0.00478EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/07/18 4:44 p.m.3 views

Security update for kubernetes1.26

This update for kubernetes1.26 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

6.5CVSS7.2AI score0.00478EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/07/17 12:32 p.m.4 views

Security update for kubernetes1.28

This update for kubernetes1.28 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

6.5CVSS7.2AI score0.00478EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/07/16 2:50 p.m.4 views

Security update for kubernetes1.27

This update for kubernetes1.27 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

6.5CVSS7.2AI score0.00478EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/06/13 7:20 a.m.2 views

Security update for kubernetes1.24

This update for kubernetes1.24 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

6.5CVSS7.2AI score0.00478EPSS
Exploits0References4
Rows per page
Query Builder