4382 matches found
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2023-2318
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into...
Default credentials
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into...
Default credentials
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2023-2318
CVE-2023-2318 concerns MarkText up to version 0.17.1 where a DOM‑based XSS flaw in src/muya/lib/contentState/pasteCtrl.js can allow arbitrary JavaScript to run in the MarkText main window when pasting HTML copied from a malicious page. The vulnerability arises during HTML-to-Markdown conversion: ...
CVE-2023-2318 MarkText DOM-Based Cross-site Scripting leading to Remote Code Execution
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into...
CVE-2023-2317 Typora DOM-Based Cross-site Scripting leading to Remote Code Execution
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2023-2317
Vulnerability context (CVE-2023-2317): DOM-based XSS in Typora’s updater/update.html before 1.6.7 on Windows/Linux. A crafted markdown file can execute arbitrary JavaScript in the Typora main window by loading typora://app/typemark/updater/update.html in an tag. Exploitation scenarios include o...
PT-2023-18872 · Marktext · Marktext
Name of the Vulnerable Software and Affected Versions: MarkText versions 0.17.1 and before Description: The issue is a DOM-based XSS that allows arbitrary JavaScript code to run in the context of the MarkText main window. This can be exploited if a user copies text from a malicious webpage and...
PT-2023-24620
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2...
webmention.js Cross-Site Scripting Vulnerability
webmention.js is a client-side library from the PlaidWeb project for rendering webmentions from webmention.io. A cross-site scripting vulnerability exists in versions of PlaidWeb webmention.js prior to 0.5.5, which stems from susceptibility to DOM-based cross-site scripting (XSS) attacks...
U.S. Dept Of Defense: RCE via File Upload with a Null Byte Truncated File Extension at https://██████/
A remote code execution vulnerability via file upload with a null byte truncated file extension was found on a website. By uploading a file with .asp%00.png extension, malicious ASP code could be executed on the server. This allowed an attacker to run arbitrary system commands. The issue was...
taoCMS Cross-Site Scripting Vulnerability
taoCMS is a Chinese micro CMS (content management system). A security vulnerability exists in taoCMS 3.0.2 and earlier versions, which stems from a DOM-type cross-site scripting (XSS) vulnerability...
CVE-2023-28534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS. This issue affects WP Job Portal: from n/a through = 2.0.5...
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
GHSA-XP5H-F8JF-RC8Q rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
Burp-Dom-Scanner - Burp Suite's Extension To Scan And Crawl Single Page Applications
A Burp Suite extension for recursive crawling and scanning of Single Page Applications. It runs a Chromium browser to scan the webpage for DOM-based XSS. It can also collect all the requests (XHR, fetch, websockets, etc.) issued during the crawling, allowing them to be forwarded to...