90 matches found
October CMS Has Stored XSS In Backend Editor Markup Classes
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
CVE-2026-24906
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
October CMS has Stored XSS in Backend Editor Markup Classes
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of the Markup Classes fields within the backend editor settings. An attacker can execute arbitrary JavaScript code in the context of users who open a RichEditor by injecting malicious values th...
CVE-2026-24906 October CMS has Stored XSS in its Backend Editor Markup Classes
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
CVE-2026-24906
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...
PT-2026-32726
A stored cross-site scripting XSS vulnerability was identified in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala...
CVE-2023-43263
A Cross-site scripting XSS vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
EUVD-2021-2182
Malware in sbrugna...
EUVD-2021-2190
Malware in sbrugna...
EUVD-2023-46878
Malicious code in bioql PyPI...
EUVD-2023-2529
Malicious code in bioql PyPI...
EUVD-2022-5026
Malicious code in bioql PyPI...
EUVD-2022-1026
Malicious code in bioql PyPI...
EUVD-2023-47682
Malicious code in bioql PyPI...
CVE-2023-42426
Cross-site scripting XSS vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
CVE-2023-41592
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting XSS vulnerability...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...
CVE-2020-26523
Froala Editor before 3.2.2 allows XSS via pasted content...
CVE-2019-19935
Froala Editor before 3.2.3 allows XSS...