Lucene search
K

209 matches found

OSV
OSV
added 2022/10/26 12:0 p.m.13 views

GHSA-4R9G-W48Q-8JWM HyperDown vulnerable to Cross-site Scripting

HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds...

6.1CVSS6.3AI score0.00473EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/26 12:0 a.m.6 views

npm hyperdown 跨站脚本漏洞

npm hyperdown is a library from the American company npm. A security vulnerability exists in npm hyperdown, which stems from the fact that the module that parses markdown does not filter the href attribute well...

6.1CVSS6.2AI score0.00473EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/26 12:0 a.m.5 views

PT-2022-17566 · Joyqi · Hyper-Down

Name of the Vulnerable Software and Affected Versions: joyqi/hyper-down versions 0.0.0 and later Description: The issue arises from improper validation of the href attribute in the markdown parser module, leading to Cross-site Scripting XSS. There is no information about the estimated number of...

6.1CVSS6AI score0.00473EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2022/07/25 12:0 a.m.84 views

CVE-2022-34749

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking...

7.5CVSS6.8AI score0.01215EPSS
Exploits0
Snyk
Snyk
added 2022/07/20 1:33 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS because the module of parse markdown does not filter the href attribute very well. PoC 1 Step 1: load the HyperDownParser module: php $parser = new HyperDownParser; 2 Step 2: add the payload: php $text = "!";...

6.1CVSS5.3AI score0.00473EPSS
Exploits1References2
OSV
OSV
added 2022/03/18 12:1 a.m.57 views

GHSA-66WW-999Q-MFFQ Arbitrary code execution in post-loader

post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...

9.8CVSS9.6AI score0.01957EPSS
Exploits1References3
NVD
NVD
added 2022/03/17 12:15 p.m.30 views

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

9.8CVSS0.01957EPSS
Exploits1References1
Prion
Prion
added 2022/03/17 12:15 p.m.18 views

Code injection

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

7.5CVSS9.5AI score0.01957EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/17 11:21 a.m.37 views

CVE-2022-0748 Arbitrary Code Execution

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

9.8CVSS9.9AI score0.01957EPSS
Exploits1References1
CVE
CVE
added 2022/03/17 11:21 a.m.85 views

CVE-2022-0748

CVE-2022-0748 affects the post-loader package (Webpack loader for Markdown blog posts). The root cause is unsafe handling of a Markdown parser which allows JavaScript in Markdown inputs to be evaluated and executed, enabling arbitrary code execution. Affected versions are 0.0.0 and later. Public ...

9.8CVSS9.6AI score0.01957EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/03/17 11:21 a.m.19 views

CVE-2022-0748 Arbitrary Code Execution

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

9.8CVSS7.3AI score0.01957EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/03/17 11:15 a.m.8 views

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

9.8CVSS5.7AI score0.01957EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.5 views

post-loader 跨站脚本漏洞

post-loader is a Webpack loader for China EGOIST individual developers. It is used to write blog posts in Markdown. A cross-site scripting vulnerability exists in post-loader, which stems from the use of the markdown parser in an insecure manner, so that any javascript code in a markdown input fi...

9.8CVSS8AI score0.01957EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/03/17 12:0 a.m.10 views

PT-2022-13408 · Unknown · Post-Loader

Name of the Vulnerable Software and Affected Versions: post-loader versions 0.0.0 and later Description: The issue concerns the post-loader package, which is a webpack loader for blog posts written in Markdown. It is vulnerable to Arbitrary Code Execution due to the use of a markdown parser in an...

9.8CVSS9.4AI score0.01957EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2022/01/20 12:0 a.m.8 views

The vulnerability of the md_analyze_line function (md4c.c) in the MD4C parser, which relates to the use of an uninitialized resource, allows a hacker to cause a service failure.

The vulnerability of the mdanalyzeline function in the MD4C parser is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.1CVSS5.9AI score0.00697EPSS
Exploits1References7Affected Software3
NVD
NVD
added 2022/01/14 5:15 p.m.20 views

CVE-2022-21680

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...

7.5CVSS0.02828EPSS
Exploits1References4
NVD
NVD
added 2022/01/14 5:15 p.m.24 views

CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

7.5CVSS0.02743EPSS
Exploits1References3
OSV
OSV
added 2022/01/14 5:15 p.m.4 views

DEBIAN-CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

7.5CVSS6.8AI score0.02743EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/01/14 5:15 p.m.24 views

CVE-2022-21681

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service DoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a...

7.5CVSS6.7AI score0.02743EPSS
Exploits1References2
OSV
OSV
added 2022/01/14 5:15 p.m.2 views

UBUNTU-CVE-2022-21680

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...

7.5CVSS6.7AI score0.02828EPSS
Exploits1References5
Rows per page
Query Builder