Lucene search
K

9 matches found

redhatcve
redhatcve
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS5.8AI score0.00244EPSS
Exploits0References1
nvd
nvd
added 2026/04/21 5:16 p.m.11 views

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS0.00244EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/21 4:22 p.m.8 views

CVE-2026-35451

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/04/21 4:22 p.m.7 views

EUVD-2026-24161

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/21 12:0 a.m.10 views

Twenty 跨站脚本漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions of Twenty prior to 1.20.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient protocol validation and server-side checks in the BlockNote editor component, which could lead to storage-base...

5.7CVSS5.7AI score0.00244EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/04/21 12:0 a.m.28 views

PT-2026-34007

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/01/28 12:0 a.m.16 views

OpenProject data falsification vulnerability

OpenProject is an open-source web-based project management software. In versions 17.0.0 to 17.0.2 of OpenProject, there was a data manipulation vulnerability. This vulnerability stemmed from the BlockNote editor extension not properly verifying work package IDs, allowing arbitrary GET requests to...

7.3CVSS5.9AI score0.00105EPSS
Exploits0References3
osv
osv
added 2025/07/16 1:57 p.m.5 views

MAL-2025-6074 Malicious code in blocknote-editor (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
ossf
ossf
added 2025/07/16 1:57 p.m.8 views

Malicious code in blocknote-editor (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9AI score
Exploits0
Rows per page
Query Builder