Lucene search
K

279 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.6 views

CVE-2020-11065

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been...

5.4CVSS6.5AI score0.0054EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2025/05/19 12:5 p.m.15 views

symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes

More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...

6.1CVSS7AI score0.00212EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/05/05 8:40 p.m.14 views

GHSA-3527-QV2Q-PFVX league/commonmark contains a XSS vulnerability in Attributes extension

Summary Cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. Details The league/commonmark library provides configuration options such as htmlinput:...

6.4CVSS5.2AI score0.00287EPSS
Exploits0References4
NVD
NVD
added 2025/05/05 8:15 p.m.101 views

CVE-2025-46734

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/05 7:52 p.m.8 views

CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS5.3AI score0.00287EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/05/05 7:52 p.m.12 views

CVE-2025-46734

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS5.3AI score0.00287EPSS
Exploits0
Cvelist
Cvelist
added 2025/05/05 7:52 p.m.92 views

CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS0.00287EPSS
Exploits0References2
CVE
CVE
added 2025/05/05 7:52 p.m.88 views

CVE-2025-46734

CVE-2025-46734 affects the PHP Markdown parser league/commonmark, specifically the Attributes extension (versions 1.5.0–2.6.x). The vulnerability allows injection of dangerous HTML attributes via Markdown syntax (e.g., curly braces) that can bypass HTML sanitization settings. Version 2.7.0 mitiga...

6.4CVSS6AI score0.00287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/12/12 8:48 a.m.14 views

CVE-2024-55601

A flaw was found in the Hugo static site generator. Some HTML attributes in Markdown in the internal templates do not escape in internal render hooks. Hugo users who do not trust their Markdown content files and are using one or more of these templates are impacted; default/markup/render-link.htm...

5.4CVSS6.3AI score0.00574EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/12/11 3:48 a.m.3 views

SUSE CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.6AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 2024/12/09 10:15 p.m.33 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS0.00574EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/09 9:11 p.m.34 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS0.00574EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/09 9:11 p.m.9 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.7AI score0.00574EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/12/09 9:11 p.m.13 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS5.8AI score0.00574EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/12/09 9:11 p.m.15 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.5AI score0.00574EPSS
Exploits0
CVE
CVE
added 2024/12/09 9:11 p.m.92 views

CVE-2024-55601

Hugo, a static site generator, is affected in versions 0.123.0 through 0.139.3 (prior to 0.139.4). The issue: certain HTML attributes in Markdown in internal templates are not escaped in render hooks, specifically in templates _default/_markup/render-link.html (v0.123.0), _default/_markup/render-...

5.3CVSS6.2AI score0.00574EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.7 views

Astra Linux – Vulnerability in Jinja2

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, which could potentially lead to Cross-Site Scripting XSS. The Jinja xmlattr filter can be...

6.1CVSS6.8AI score0.00892EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/11/14 5:38 p.m.18 views

Remote Code Execution on click of <a> Link in markdown preview

Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...

9.6CVSS8.6AI score0.01037EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2024/11/01 6:35 a.m.4 views

Cross-site Scripting (XSS)

Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS within the Markdown class in lib/markdown2.py, which insufficiently sanitizes attribute values. An attacker can exploit this by crafting...

6.1CVSS5.3AI score
Exploits0References3
OpenVAS
OpenVAS
added 2024/10/28 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2676)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.00979EPSS
Exploits0References2
Rows per page
Query Builder