Cross-site Scripting (XSS)
Overview: @oneuptime/common is the OneUptime Common UI Library, a collection of shared components and utilities that are used across the OneUptime platform. It is designed to be easy to install, use and extend. This library is built with React and TypeScript. It includes c Affected...
CVE-2025-54384 CKAN stored XSS vulnerability in Markdown description fields
CKAN is an open-source data management system (DMS) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract function did not perform sufficient sanitization of input data before wrapping it in an HTML literal element. This helper is used to render user-provided...
EUVD-2018-11259
Malware in sbrugna...
EUVD-2019-6552
Malware in sbrugna...
EUVD-2020-18956
Malware in sbrugna...
EUVD-2018-11262
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-6784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2...
CVE-2019-6784
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...
GHSA-GX8M-F3MP-FG99 formwork Cross-site scripting vulnerability in Markdown fields
Impact: Users with access to the administration panel who have page editing permissions could insert tags in Markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injection. Patches: Formwork 1.13.0 has been released with a patch that solves this...
GitLab 10.3 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26409)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A DoS vulnerability exists in GitLab CE/EE >= 10.3, < 13.4.7; >= 13.5, < 13.5.5; >= 13.6, < 13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
BIT-GITLAB-2020-26409
A DoS vulnerability exists in GitLab CE/EE >= 10.3, < 13.4.7; >= 13.5, < 13.5.5; >= 13.6, < 13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
PYSEC-2024-16
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...
PT-2024-19824 · Nautobot · Nautobot
Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.10; Nautobot versions prior to 2.1.2. Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Due to inadequate input sanitization, any user-editable fields...
GHSA-44CG-QCPR-FWJH Cross site scripting in francoisjacquet/rosariosis
A Cross-Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xssclean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields...
Input validation
A DoS vulnerability exists in GitLab CE/EE >= 10.3, < 13.4.7; >= 13.5, < 13.5.5; >= 13.6, < 13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
CVE-2020-26409
CVE-2020-26409 affects GitLab CE/EE: 10.3 and later before 13.4.7, 13.5.x before 13.5.5, and 13.6.x before 13.6.2. The vulnerability is a denial of service arising from bypassing input validation in Markdown fields, enabling an attacker to trigger uncontrolled resource consumption. Connected documents corrobora...
CVE-2020-26409
A DoS vulnerability exists in GitLab CE/EE >= 10.3, < 13.4.7; >= 13.5, < 13.5.5; >= 13.6, < 13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
PT-2020-16416 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 13.4.6; GitLab CE/EE versions 13.5 through 13.5.4; GitLab CE/EE versions 13.6 through 13.6.1. Description: A DoS issue exists that allows an attacker to trigger uncontrolled resource consumption by bypassing...
Denial Of Service (DoS)
GitLab is vulnerable to denial of service. An attacker is able to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
CVE-2019-15584
A denial of service exists in GitLab v12.3.2, v12.2.6, and v12.1.10 that would let an attacker bypass input validation in Markdown fields and take down the affected page...