116 matches found
CVE-2024-32945
Mattermost Mobile Apps versions =2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LaTeX post, by creating another post with specific macro definitions...
CVE-2024-53758
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax wp-mathjax-plus allows Stored XSS. This issue affects WP MathJax: from n/a through <= 1.0.1...
CVE-2023-39663
MathJax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...
CVE-2020-18748
Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...
Malicious code in mathjax-v3 (npm)
Source: ghsa-malware 31e9bef117fdc744a0166905e2fe2aba840a07ffa7b09a4320b90476efc7aa46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mathjax-v2 (npm)
Source: ghsa-malware e5b3b67677f9fc901fefa32f5a65afd65ac6a199d7ebb72be98b9ace3dbbad19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2687 Malicious code in mathjax-v2 (npm)
Source: ghsa-malware e5b3b67677f9fc901fefa32f5a65afd65ac6a199d7ebb72be98b9ace3dbbad19 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2688 Malicious code in mathjax-v3 (npm)
Source: ghsa-malware 31e9bef117fdc744a0166905e2fe2aba840a07ffa7b09a4320b90476efc7aa46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-53758 WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax wp-mathjax-plus allows Stored XSS. This issue affects WP MathJax: from n/a through <= 1.0.1...
CVE-2024-53758
CVE-2024-53758 describes a Stored XSS in the WordPress WP MathJax plugin
WordPress plugin WP MathJax cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP MathJax (versions <= 1.0.1)...
Allegra path traversal vulnerability
Allegra is a project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the serveMathJaxLibraries feature containing a directory traversal information disclosure vulnerability...
GHSA-GJ55-2XF9-67RQ HTML injection in JupyterLite leading to DOM Clobbering
Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data accessible from JupyterLite and perform arbitrary actions in JupyterLite environment. Patches JupyterLi...
GHSA-9Q39-RMJ3-P4R2 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
Impact The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...
CVE-2024-43805
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...
CVE-2024-43805
CVE-2024-43805 affects JupyterLab and Jupyter Notebook, where a user opening a malicious notebook or Markdown file in preview mode can lead to data access and arbitrary requests performed as the attacked user. Affected versions include JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2; patches e...