92 matches found
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
Impact CWE-20: Improper Input Validation Low impact Patches Patched in v7.1.8 commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915 Workarounds No...
mkdocs-include-markdown-plugin 输入验证错误漏洞
mkdocs-include-markdown-plugin is a Markdown file processor by the individual developer Álvaro Mondéjar Rubio. An input validation error vulnerability exists in mkdocs-include-markdown-plugin version 7.1.7 and earlier, which stems from unvalidated input that may conflict with substitution...
CVE-2025-9540
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-9541
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-9540
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-9541 Markup Markdown < 3.20.10 - Contributor+ Stored XSS
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-9541
CVE-2025-9541 affects the WordPress plugin Markup Markdown (versions before 3.20.10). The issue allows JavaScript in links, enabling Stored XSS for users with contributor role and above. Patchstack/Red Hat/NVD entries confirm the vulnerability and an update to 3.20.10 as the fix; apply the 3.20.1...
CVE-2025-9540 Markup Markdown < 3.20.10 - Contributor+ Stored XSS
The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
MAL-2025-45588 Malicious code in prettier-plugin-markdown-sadr-loop-decoherence (npm)
The package prettier-plugin-markdown-sadr-loop-decoherence was found to contain malicious code...
Malicious code in prettier-plugin-markdown-europa-spawn-csv (npm)
The package prettier-plugin-markdown-europa-spawn-csv was found to contain malicious code...
Malicious code in prettier-plugin-markdown-global-algol-taphonomy (npm)
The package prettier-plugin-markdown-global-algol-taphonomy was found to contain malicious code...
MAL-2025-45586 Malicious code in prettier-plugin-markdown-global-algol-taphonomy (npm)
The package prettier-plugin-markdown-global-algol-taphonomy was found to contain malicious code...
MAL-2025-43755 Malicious code in chai-prettier-plugin-markdown-weywot-ichnology (npm)
The package chai-prettier-plugin-markdown-weywot-ichnology was found to contain malicious code...
WordPress Markup Markdown plugin <= 3.20.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by JeonKim in WordPress Plugin Markup Markdown versions = 3.20.6...
Malicious code in speleology-puppeteer-optimize-css-assets-webpack-plugin-prettier-plugin-markdown (npm)
The package speleology-puppeteer-optimize-css-assets-webpack-plugin-prettier-plugin-markdown was found to contain malicious code...
Malicious code in xerxes-prettier-plugin-markdown-airbnb-resolvers (npm)
The package xerxes-prettier-plugin-markdown-airbnb-resolvers was found to contain malicious code...
Malicious code in australis-nightwatch-prettier-plugin-markdown-tectonophysics (npm)
The package australis-nightwatch-prettier-plugin-markdown-tectonophysics was found to contain malicious code...
MAL-2025-39757 Malicious code in xerxes-prettier-plugin-markdown-airbnb-resolvers (npm)
The package xerxes-prettier-plugin-markdown-airbnb-resolvers was found to contain malicious code...
MAL-2025-27682 Malicious code in nodejs-prettier-plugin-markdown-terraforming-websockets (npm)
The package nodejs-prettier-plugin-markdown-terraforming-websockets was found to contain malicious code...
Malicious code in rollup-development-vega-prettier-plugin-markdown (npm)
The package rollup-development-vega-prettier-plugin-markdown was found to contain malicious code...