Lucene search

15 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27594

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.3, EPSS 0.00018
Exploits: 2, References: 4

vulnersOsv
added 2025/09/10 6:30 p.m., 2 views

@lightnet/decap-admin (>=2.0.9 <=2.4.1), trivet (>=2.1.0 <=2.1.1) potentially affected by CVE-2025-57520 via decap-cms (>=3.0.12 <=3.12.2)

decap-cms NPM version =3.0.12, =2.0.9, =2.1.0, =2.1.1 Source cves: CVE-2025-57520 Source advisory: SNYK:JS-DECAPCMS-12997397...

CVSS 6.1, AI score 5.8, EPSS 0.00018
Exploits: 2

Snyk
added 2025/09/10 6:30 p.m., 2 views

Cross-site Scripting (XSS)

Overview decap-cms is an extensible, open source, Git-based, React CMS for static sites. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of input fields such as body, tags, title, and description in the content preview pane. An attacker...

CVSS 6.1, AI score 5.4, EPSS 0.00018
Exploits: 2, References: 2

vulnersOsv
added 2025/09/10 6:30 p.m., 2 views

@lightnet/decap-admin (>=2.0.9 <=2.4.1), trivet (>=2.1.0 <=2.1.1) potentially affected by CVE-2025-57520 via decap-cms (>=3.0.12 <=3.12.2)

decap-cms NPM version =3.0.12, =2.0.9, =2.1.0, =2.1.1 Source cves: CVE-2025-57520 Source advisory: OSV:GHSA-XP8G-32QH-MV28...

CVSS 6.1, AI score 5.8, EPSS 0.00018
Exploits: 2

OSV
added 2025/09/10 6:30 p.m., 2 views

GHSA-XP8G-32QH-MV28 Decap CMS Cross Site Scripting (XSS) vulnerability

Decap CMS through 3.8.3 is vulnerable to stored Cross-Site Scripting (XSS) in the admin preview pane. User-controlled fields (e.g., title, description, tags, and body) are rendered in the preview without sufficient sanitization/escaping. An attacker with low-privilege author/contributor access can...

CVSS 6.1, AI score 5.8, EPSS 0.00018
Exploits: 2, References: 3

NVD
added 2025/09/10 5:15 p.m., 3 views

CVE-2025-57520

A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

CVSS 6.1, EPSS 0.00018
Exploits: 2, References: 3

OSV
added 2025/09/10 5:15 p.m., 3 views

CVE-2025-57520

A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

CVSS 6.1, AI score 6, EPSS 0.00018
Exploits: 2, References: 3

GithubExploit
added 2025/09/10 12:54 a.m., 266 views

Exploit for CVE-2025-57520

PoC exploit for CVE-2025-57520, a stored cross-site scripting X...

AI score 5.4, EPSS 0.00018
Exploits: 2

CNNVD
added 2025/09/10 12:0 a.m., 1 view

decap-cms security vulnerability

decap-cms is a Git-based static site generator from Decap CMS open source. A security vulnerability exists in decap-cms 3.8.3 and earlier versions, which stems from cross-site scripting and could lead to the execution of arbitrary JavaScript...

CVSS 6.1, AI score 6, EPSS 0.00018
Exploits: 2, References: 4

Vulnrichment
added 2025/09/10 12:0 a.m., 1 view

CVE-2025-57520

A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

AI score 5.6, EPSS 0.00018
Exploits: 2, References: 3

CVE
added 2025/09/10 12:0 a.m., 16 views

CVE-2025-57520

CVE-2025-57520 — Decap CMS up to version 3.8.3 is reported vulnerable to a stored XSS in the admin content preview pane. User-controlled fields (body, tags, title, description) are rendered without adequate sanitization, enabling an attacker with access as a low-privilege author/contributor to in...

CVSS 6.1, AI score 5.4, EPSS 0.00018
Exploits: 2, References: 3, Affected Software: 1

Positive Technologies
added 2025/09/10 12:0 a.m., 3 views

PT-2025-37081

Name of the Vulnerable Software and Affected Versions: Decap CMS versions through 3.8.3 Description: A Cross Site Scripting (XSS) vulnerability exists in Decap CMS. Input fields, including body, tags, title, and description, are not properly sanitized before being rendered in the content preview...

CVSS 6.1, AI score 5.6, EPSS 0.00018
Exploits: 2, References: 7

Cvelist
added 2025/09/10 12:0 a.m., 5 views

CVE-2025-57520

A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

EPSS 0.00018
Exploits: 2, References: 3

Exploit DB
added 2023/07/11 12:0 a.m., 238 views

Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)

Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...

AI score 7.4
Exploits: 0

Packet Storm
added 2023/07/11 12:0 a.m., 202 views

Netlify CMS 2.10.192 Cross Site Scripting

Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS) Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...

AI score 7.1
Exploits: 0