
116 matches found

RedhatCVE
added 2025/05/23 8:59 a.m., 5 views

CVE-2024-32945

Mattermost Mobile Apps versions =2.16.0 fail to protect against abuse of a globally shared MathJax state which allows an attacker to change the contents of a LaTeX post, by creating another post with specific macro definitions...

CVSS 5.3, AI score 6.8, EPSS 0.00238
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 7:13 a.m., 7 views

CVE-2024-53758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax (wp-mathjax-plus) allows Stored XSS. This issue affects WP MathJax: from n/a through <= 1.0.1...

CVSS 6.5, AI score 7.2, EPSS 0.00283
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:40 a.m., 7 views

CVE-2023-39663

MathJax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk...

CVSS 7.5, AI score 7.3, EPSS 0.00703
Exploits: 1
RedhatCVE
added 2025/05/22 3:46 p.m., 8 views

CVE-2020-18748

Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via MathJax syntax due to a MathJax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

CVSS 6.1, AI score 6.6, EPSS 0.01182
Exploits: 2
RedhatCVE
added 2025/05/22 8:25 a.m., 6 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

CVSS 6.1, AI score 7.2, EPSS 0.0142
Exploits: 1, References: 1
OSSF Malicious Packages
added 2025/03/25 2:39 a.m., 4 views

Malicious code in mathjax-v3 (npm)

Source: ghsa-malware (31e9bef117fdc744a0166905e2fe2aba840a07ffa7b09a4320b90476efc7aa46). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/03/25 2:39 a.m., 5 views

Malicious code in mathjax-v2 (npm)

Source: ghsa-malware (e5b3b67677f9fc901fefa32f5a65afd65ac6a199d7ebb72be98b9ace3dbbad19). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1
OSV
added 2025/03/25 2:39 a.m., 2 views

MAL-2025-2687 Malicious code in mathjax-v2 (npm)

Source: ghsa-malware (e5b3b67677f9fc901fefa32f5a65afd65ac6a199d7ebb72be98b9ace3dbbad19). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1
OSV
added 2025/03/25 2:39 a.m., 1 view

MAL-2025-2688 Malicious code in mathjax-v3 (npm)

Source: ghsa-malware (31e9bef117fdc744a0166905e2fe2aba840a07ffa7b09a4320b90476efc7aa46). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 3
NVD
added 2024/11/30 10:15 p.m., 9 views

CVE-2024-53758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax (wp-mathjax-plus) allows Stored XSS. This issue affects WP MathJax: from n/a through <= 1.0.1...

CVSS 6.5, EPSS 0.00283
Exploits: 0, References: 1
Cvelist
added 2024/11/30 9:52 p.m., 25 views

CVE-2024-53758 WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax (wp-mathjax-plus) allows Stored XSS. This issue affects WP MathJax: from n/a through <= 1.0.1...

CVSS 6.5, EPSS 0.00283
Exploits: 0, References: 1
CVE
added 2024/11/30 9:52 p.m., 46 views

CVE-2024-53758

CVE-2024-53758 describes a Stored XSS in the WordPress WP MathJax plugin

CVSS 6.5, AI score 7.2, EPSS 0.00283
Exploits: 0, References: 1
Vulnrichment
added 2024/11/30 9:52 p.m., 7 views

CVE-2024-53758 WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry L. WP MathJax (wp-mathjax-plus) allows Stored XSS. This issue affects WP MathJax: from n/a through <= 1.0.1...

CVSS 6.5, AI score 8.6, EPSS 0.00283
Exploits: 0, References: 1
CNNVD
added 2024/11/30 12:00 a.m., 3 views

WordPress plugin WP MathJax cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...

CVSS 6.5, AI score 8, EPSS 0.00283
Exploits: 0, References: 1
Patchstack
added 2024/11/28 1:05 p.m., 5 views

WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP MathJax (versions <= 1.0.1)...

CVSS 6.5, AI score 6.1, EPSS 0.00283
Exploits: 0, Affected Software: 1
CNNVD
added 2024/11/22 12:00 a.m., 3 views

Allegra path traversal vulnerability

Allegra is a project management software for mid-sized organizations from Allegra. Allegra suffers from a path traversal vulnerability that stems from the serveMathJaxLibraries feature containing a directory traversal information disclosure vulnerability...

CVSS 7.5, AI score 7.3, EPSS 0.02035
Exploits: 0, References: 2
OSV
added 2024/09/06 7:51 p.m., 13 views

GHSA-GJ55-2XF9-67RQ HTML injection in JupyterLite leading to DOM Clobbering

Impact: The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data accessible from JupyterLite and perform arbitrary actions in JupyterLite environment. Patches: JupyterLi...

CVSS 8.1, AI score 6
Exploits: 0, References: 3
OSV
added 2024/08/29 5:55 p.m., 5 views

GHSA-9Q39-RMJ3-P4R2 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Impact: The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

CVSS 8.8, AI score 6, EPSS 0.00373
Exploits: 0, References: 5
UbuntuCve
added 2024/08/28 8:15 p.m., 12 views

CVE-2024-43805

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

CVSS 7.6, AI score 5.8, EPSS 0.00373
Exploits: 0, References: 2
CVE
added 2024/08/28 7:43 p.m., 101 views

CVE-2024-43805

CVE-2024-43805 affects JupyterLab and Jupyter Notebook, where a user opening a malicious notebook or Markdown file in preview mode can lead to data access and arbitrary requests performed as the attacked user. Affected versions include JupyterLab v3.6.8, v4.2.5 and Jupyter Notebook v7.2.2; patches e...

CVSS 7.6, AI score 6.7, EPSS 0.00373
Exploits: 0, References: 1, Affected Software: 2