91 matches found
CVE-2024-1791
The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
Cross site scripting
The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
CVE-2024-1791 CodeMirror Blocks <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
CVE-2024-1791
CVE-2024-1791 concerns the CodeMirror Blocks plugin for WordPress. According to Red Hat and Wordfence sources, versions up to and including 1.2.4 are affected due to insufficient input sanitization and output escaping in the Code Mirror block, enabling a stored cross-site scripting (XSS) conditio...
CVE-2024-1791 CodeMirror Blocks <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
WordPress CodeMirror Blocks Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software CodeMirror Blocks Type Plugin Vulnerable versions = 1.2.4 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1791 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8f146af67463 Credits RandomRoot Required...
PT-2024-18309 · WordPress · Codemirror Blocks
Name of the Vulnerable Software and Affected Versions: CodeMirror Blocks plugin for WordPress versions up to, and including, 1.2.4 Description: The issue is related to Stored Cross-Site Scripting via the Code Mirror block due to insufficient input sanitization and output escaping. This allows...
WordPress Plugin CodeMirror Blocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CodeMirror Blocks < 2.0.0 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Code Mirror block due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will...
Security Bulletin: A security vulnerability in Node.js codemirror module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js codemirror module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2020-7760 DESCRIPTION: Node.js codemirror module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By using...
Malicious Package
Overview tinymce-codemirror is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview codemirror-6-getting-started is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious code in codemirror-6-getting-started (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 914fcab57c708e2ab3449d29b3ce1eb9437e02611bfb1333e905f9ae10c2eb05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1973 Malicious code in codemirror-6-getting-started (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 914fcab57c708e2ab3449d29b3ce1eb9437e02611bfb1333e905f9ae10c2eb05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview codemirror-dart-minifier is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
PT-2022-21305 · Unknown · Codemirror.Php +1
Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: A local file inclusion LFI vulnerability in the component codemirror.php allows attackers to execute arbitrary PHP code via a crafted HTTP request. Recommendations: For...
i3geo 路径遍历漏洞
i3geo is a saladesituacao open source application for developing interactive web maps. A path traversal vulnerability exists in i3geo version v7.0.5, which stems from a Local File Inclusion LFI vulnerability in the codemirror.php component that allows an attacker to execute arbitrary PHP code via...
Malicious code in angular-codemirror (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35dc347e24feed0c6db7e76db6a8158f89fea231443ed0a74ec4717d8eed1915 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...