26 matches found
CVE-2026-25516
CVE-2026-25516 affects NiceGUI’s ui.markdown() in multiple sources (NVD, Red Hat, OSV, etc.). The vulnerability arises because markdown2’s default behavior allows raw HTML to pass through, enabling attacker-controlled content to inject HTML/JS event handlers when rendered via innerHTML. ui.markdo...
CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...
GHSA-V82V-C5X8-W282 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Description: The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown, an...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
EUVD-2021-0019
Malware in sbrugna...
EUVD-2023-47682
Malicious code in bioql PyPI...
CVE-2025-24981
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
BIT-SUPERSET-2021-27907 Apache Superset stored XSS on Dashboard markdown
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
Cross site scripting
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a powerful JavaScript rich text editor for individual developers. A cross-site scripting vulnerability exists in Froala Editor version v.4.1.1 that could allow an attacker to execute arbitrary code via the Markdown component...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
PT-2023-5610 · Froala · Froala Editor
Name of the Vulnerable Software and Affected Versions: Froala Editor version 4.1.1. Description: A Cross-site scripting (XSS) issue exists due to insufficient protection of the web page structure. This allows a remote attacker to execute arbitrary code via the Markdown component of the Froala Editor...
CVE-2023-43263
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component...
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
PYSEC-2021-127
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...