Lucene search

445 matches found

OSV
added 2025/02/06 1:26 a.m. | 2 views

USN-7258-1 ckeditor vulnerabilities

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

CVSS 6.1 | AI score 6.4 | EPSS 0.01652
Exploits: 0 | References: 6
Ubuntu
added 2025/02/06 1:26 a.m. | 9 views

USN-7258-1: CKEditor vulnerabilities

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

CVSS 6.1 | AI score 6.5 | EPSS 0.01652
Exploits: 0
Veracode
added 2025/01/17 6:51 a.m. | 7 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the failure to sanitize HTML before replacing the embed shortcode with oEmbed JSON data in the "insert media" functionality, allowing a script payload to be executed on both the CMS and front-end of th...

CVSS 5.4 | AI score 6 | EPSS 0.01108
Exploits: 2 | References: 6 | Affected Software: 1
Github Security Blog
added 2025/01/14 10:18 p.m. | 14 views

Silverstripe Framework has a XSS via insert media remote file oembed

Impact: When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...

CVSS 5.4 | AI score 6.7 | EPSS 0.01108
Exploits: 2 | References: 6 | Affected Software: 1
CNNVD
added 2025/01/14 12:0 a.m. | 2 views

Silverstripe Asset Admin Module cross-site scripting vulnerability

Silverstripe Asset Admin Module is an open source asset management module from Silverstripe. A cross-site scripting vulnerability exists in Silverstripe Asset Admin Module, which stems from the fact that HTML is not sanitized until the shortcode is replaced, allowing execution of script loads in...

CVSS 5.4 | AI score 6 | EPSS 0.01108
Exploits: 2 | References: 5
Veracode
added 2025/01/09 5:49 a.m. | 6 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content in the FAQ editor at http://localhost/admin/index.php?action=editentry. Attackers can inject malformed HTML elements styled to cover the entire screen, disrupting the user...

CVSS 7.6 | AI score 6.2 | EPSS 0.00396
Exploits: 1 | References: 3 | Affected Software: 2
Veracode
added 2025/01/08 5:9 a.m. | 4 views

Cross-Site Scripting (XSS)

@marp-team/marp-core is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper neutralization of HTML during sanitization, allowing malicious scripts to bypass defenses and execute...

CVSS 5.3 | AI score 6.3 | EPSS 0.00307
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2024/12/26 9:15 p.m. | 10 views

CVE-2024-56510

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVSS 5.3 | EPSS 0.00307
Exploits: 0 | References: 5
Cvelist
added 2024/12/26 8:56 p.m. | 15 views

CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVSS 5.3 | EPSS 0.00307
Exploits: 0 | References: 5
Vulnrichment
added 2024/12/26 8:56 p.m. | 12 views

CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVSS 5.3 | AI score 6 | EPSS 0.00307
Exploits: 0 | References: 5
OSV
added 2024/12/26 8:56 p.m. | 4 views

CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVSS 5.3 | AI score 5.9 | EPSS 0.00307
Exploits: 0 | References: 7
CVE
added 2024/12/26 8:56 p.m. | 64 views

CVE-2024-56510

Marp Core vulnerability CVE-2024-56510 affects Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0, where improper neutralization of HTML sanitization leads to Cross-Site Scripting (XSS). The issue is addressed in Marp Core v3.9.1 and v4.0.1. If immediate upgrading is not feasible, a workaround i...

CVSS 5.3 | AI score 5.4 | EPSS 0.00307
Exploits: 0 | References: 5
OSV
added 2024/12/26 6:25 p.m. | 12 views

GHSA-X52F-H5G4-8QV5 Marp Core allows XSS by improper neutralization of HTML sanitization

Marp Core (@marp-team/marp-core) from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Impact: Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...

CVSS 5.3 | AI score 5.3 | EPSS 0.00307
Exploits: 0 | References: 7
Github Security Blog
added 2024/12/26 6:25 p.m. | 11 views

Marp Core allows XSS by improper neutralization of HTML sanitization

Marp Core (@marp-team/marp-core) from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Impact: Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...

CVSS 5.3 | AI score 6.1 | EPSS 0.00307
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2024/12/18 6:15 a.m. | 8 views

Cross-site Scripting (XSS)

rails-html-sanitizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of HTML content when specific configurations are used. If HTML5 sanitization is enabled and the application developer overrides the sanitizer's allowed tags to include the "noscript...

CVSS 6.1 | AI score 5.9 | EPSS 0.00454
Exploits: 0 | References: 5 | Affected Software: 1
RedhatCVE
added 2024/12/02 10:51 p.m. | 20 views

CVE-2024-53987

A cross-site scripting (XSS) vulnerability was found in certain configurations of rails-html-sanitizer. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicit...

CVSS 3.1 | AI score 5.5 | EPSS 0.00426
Exploits: 0 | References: 5
OSV
added 2024/12/02 10:15 p.m. | 1 views

UBUNTU-CVE-2024-53988

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 6.1 | AI score 7.3 | EPSS 0.00427
Exploits: 0 | References: 4
Snyk
added 2024/12/02 9:48 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the configuration of HTML5 sanitization and overridden sanitizer's allowed tags. An attacker can inject malicious content by exploiting the allowe...

CVSS 6.1 | AI score 5.3 | EPSS 0.0057
Exploits: 0 | References: 2
Vulnrichment
added 2024/12/02 9:15 p.m. | 12 views

CVE-2024-53985 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri 1.15.7, or 1.16.x 1.16.8. The XSS vulnerability with certain...

CVSS 2.3 | AI score 5.7 | EPSS 0.0057
Exploits: 0 | References: 3
CVE
added 2024/12/02 9:15 p.m. | 97 views

CVE-2024-53987

CVE-2024-53987 concerns Rails HTML Sanitizer. A vulnerability arises when Rails::HTML::Sanitizer 1.6.0 is used with Rails >= 7.1.0 and HTML5 sanitization is enabled while an overridden allowed-tags set explicitly includes the element but excludes or . This configuration could allow an attack...

CVSS 6.1 | AI score 5.6 | EPSS 0.00426
Exploits: 0 | References: 2 | Affected Software: 1