10 matches found
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
@diplodoc/algolia (>=0.1.0 <=0.4.1), @diplodoc/algolia-extension (>=0.4.1 <=0.6.1) +1 more potentially affected by CVE-2026-40201 via @diplodoc/search-extension (=1.2.2)
@diplodoc/search-extension NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on @diplodoc/search-extension and may be impacted: - @diplodoc/algolia =0.1.0, =0.4.1, =0.0.0-rc-add-filemeta-to-boost-testing-202410220924, =5.0.0-alpha-10 Sour...
Cross-site Scripting (XSS)
Overview @diplodoc/search-extension is a Lunr based offline search extension for Diplodoc platform Affected versions of this package are vulnerable to Cross-site Scripting XSS in the title field of Markdown files. An attacker can execute arbitrary scripts in the context of the user's browser by...
@diplodoc/algolia (>=0.1.0 <=0.4.1), @diplodoc/algolia-extension (>=0.4.1 <=0.6.1) +1 more potentially affected by CVE-2026-40201 via @diplodoc/search-extension (=1.2.2)
@diplodoc/search-extension NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on @diplodoc/search-extension and may be impacted: - @diplodoc/algolia =0.1.0, =0.4.1, =0.0.0-rc-add-filemeta-to-boost-testing-202410220924, =5.0.0-alpha-10 Sour...
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
PT-2026-36308
Name of the Vulnerable Software and Affected Versions @diplodoc/search-extension versions 1.0.0 through 3.0.2 Description Stored Cross-Site Scripting XSS occurs via the title in a .md file. Stored XSS is a type of vulnerability where a malicious script is permanently stored on the target server,...
Diplodoc search extension 跨站脚本漏洞
The Diplodoc Search Extension is an open-source extension tool for offline searching developed by Diplodoc. Versions of the Diplodoc Search Extension from 1.0.0 to 3.0.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from titles in.md files, which could lead to...