
451 matches found

OSV
added 2021/01/11 7:15 p.m. · 1 view

DEBIAN-CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

5.4 CVSS · 5.7 AI score · 0.0157 EPSS
Exploits 0 · References 1

OSV
added 2021/01/11 7:15 p.m. · 23 views

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

5.4 CVSS · 6 AI score
Exploits 0 · References 9

Prion
added 2021/01/11 7:15 p.m. · 10 views

Cross site scripting

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

3.5 CVSS · 5.3 AI score · 0.0157 EPSS
Exploits 0 · References 9 · Affected Software 2

UbuntuCve
added 2021/01/11 7:15 p.m. · 22 views

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8 CVSS · 6.7 AI score · 0.0157 EPSS
Exploits 0 · References 5

Github Security Blog
added 2021/01/11 7:6 p.m. · 48 views

Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8 CVSS · 5.8 AI score · 0.0157 EPSS
Exploits 0 · References 11 · Affected Software 1

OSV
added 2021/01/11 7:6 p.m. · 26 views

GHSA-Q3WR-QW3G-3P4H Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8 CVSS · 5.7 AI score · 0.0157 EPSS
Exploits 0 · References 12

CVE
added 2021/01/11 12:0 a.m. · 109 views

CVE-2020-26298

CVE-2020-26298 affects the Redcarpet Ruby gem (rubygem-redcarpet) prior to 3.5.1, where HTML escaping was not performed for quotes, enabling a cross-site scripting (XSS) vector. The issue is fixed in version 3.5.1 (via the referenced commit); upgrading to 3.5.1 or newer mitigates the vulnerabilit...

6.8 CVSS · 5.2 AI score · 0.0157 EPSS
Exploits 0 · References 9 · Affected Software 1

Cvelist
added 2021/01/11 12:0 a.m. · 15 views

CVE-2020-26298 Injection in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8 CVSS · 5.8 AI score · 0.0157 EPSS
Exploits 0 · References 9

Positive Technologies
added 2021/01/11 12:0 a.m. · 1 view

PT-2021-3541 · Redcarpet +1 · Redcarpet +1

Name of the Vulnerable Software and Affected Versions: Redcarpet versions prior to 3.5.1 Description: The issue is related to incorrect input sanitization in the Redcarpet library, which can enable a cross-site scripting attack. This is due to the lack of HTML escaping when processing quotes, eve...

6.8 CVSS · 5.5 AI score · 0.01792 EPSS
Exploits 0 · References 52

CNNVD
added 2021/01/11 12:0 a.m. · 3 views

Vicent Martí Redcarpet Injection Vulnerability

Vicent Martí Redcarpet is a Rust-based codebase for parsing Markdown syntax by the individual developer Vicent Martí. An injection vulnerability exists in Redcarpet before version 3.5.1, which results from not performing HTML escaping when handling quotes...

6.8 CVSS · 6.5 AI score · 0.0157 EPSS
Exploits 0 · References 13

Debian CVE
added 2021/01/11 12:0 a.m. · 15 views

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8 CVSS · 6 AI score · 0.0157 EPSS
Exploits 0

RubySec
added 2021/01/11 12:0 a.m. · 27 views

Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8 CVSS · 2.5 AI score · 0.0157 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2020/09/27 9:15 p.m. · 18 views

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1 CVSS · 6.6 AI score
Exploits 0 · References 4

OSV
added 2020/09/27 9:15 p.m. · 1 view

DEBIAN-CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1 CVSS · 6.8 AI score · 0.01076 EPSS
Exploits 0 · References 1

UbuntuCve
added 2020/09/27 9:15 p.m. · 31 views

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1 CVSS · 6.7 AI score · 0.01076 EPSS
Exploits 0 · References 6

OSV
added 2020/09/27 9:15 p.m. · 2 views

UBUNTU-CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1 CVSS · 6.7 AI score · 0.01076 EPSS
Exploits 0 · References 7

Debian CVE
added 2020/09/27 8:31 p.m. · 25 views

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1 CVSS · 6.5 AI score · 0.01076 EPSS
Exploits 0

Positive Technologies
added 2020/09/25 12:0 a.m. · 2 views

PT-2020-6811 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.10 and earlier MediaWiki versions 1.32.x through 1.34.3 Description: An issue was discovered in the non-jqueryMsg version of mw.message.parse, which doesn't escape HTML. This affects both message contents and the...

9.8 CVSS · 5.7 AI score · 0.04098 EPSS
Exploits 6 · References 68

Hacker One
added 2020/06/09 10:40 p.m. · 21 views

Open-Xchange: XSS on opening malicious OpenOffice presentation document

Title Opening a malicious OpenOffice presentation document may lead to cross site scripting XSS attacks Description When generating HTML content for drawings present in odp file, a div is generated by Drawing.java. The attribute target of this div is directly constructed from the field target...

0.4 AI score
Exploits 0

Hacker One
added 2020/04/03 2:6 p.m. · 21 views

Mendix: Reflected XSS in "*.mendix.com/openid/*"

The endpoint at https://sprintr.home-accp.mendix.com/openid/ suffers from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the...

4.3 CVSS · 2.5 AI score · 0.00715 EPSS
Exploits 0