Cross-Site Scripting (XSS)

KateX is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing for the execution of arbitrary JavaScrip...

CVE-2025-23207

A flaw was found in the KaTeX library. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript or generate invalid HTML. Mitigation Users unable to upgrade should turn off the trust option or set ...

DEBIAN-CVE-2025-23207

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

CVE-2025-23207 \htmlData does not validate attribute names in KaTeX

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

CVE-2025-23207 \htmlData does not validate attribute names in KaTeX

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

CVE-2025-23207

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

KaTeX \htmlData does not validate attribute names

Impact KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. Workarounds - Avoid use of or turn off the...

GHSA-CG87-WMX4-V546 KaTeX \htmlData does not validate attribute names

Impact KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. Workarounds - Avoid use of or turn off the...

KaTeX 安全漏洞

KaTeX is a fast, easy-to-use JavaScript library open-sourced by KaTeX for TeX math rendering on the web. A security vulnerability exists in KaTeX prior to version v0.16.21, which stems from the htmlData command that allows embedding of HTML data, and an improper configuration of the trust option...

PT-2025-1297 · Katex +3 · Katex +3

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.21 Description: The issue is related to the renderToString function in the KaTeX JavaScript library, which is used for rendering mathematical expressions. It is caused by incorrect encoding or escaping of output...

UBUNTU-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

KaTeX 安全漏洞

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. A security vulnerability previously present in KaTeX v0.16.10 stems from code that uses KaTeX's trust option, specifically code that provides the ability to blacklist certain URL protocols, which may be spoofed by...

PT-2024-22358

Name of the Vulnerable Software and Affected Versions KaTeX versions prior to 0.16.10 Description KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using edef that causes a near-infinite loop, despi...

PT-2024-22361

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10 Description: KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option can be fooled by URLs in malicious inputs that use uppercase characters in the protocol, allowin...

KaTeX 安全漏洞

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. A security vulnerability existed prior to the KaTeX v0.16.10 release, which arose from the fact that KaTeX users rendering untrusted mathematical expressions could encounter a malicious input using def or ewcommand...

PT-2024-22360

Name of the Vulnerable Software and Affected Versions: KaTeX versions prior to 0.16.10 Description: KaTeX is a JavaScript library for TeX math rendering on the web. Users who render untrusted mathematical expressions could encounter malicious input using includegraphics that runs arbitrary...