14 matches found

Cvelist
added 2026/06/23 4:47 p.m. · 33 views

CVE-2026-54011 Open WebUI: Stored XSS in Mermaid Markdown Preview

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

CVSS 8.7 · EPSS 0.002
Exploits 1 · References 1
Github Security Blog
added 2026/06/17 2:14 p.m. · 10 views

Open WebUI: Stored XSS in Mermaid Markdown Preview

Summary Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with securityLevel: 'loose', attacker-controlled Mermaid content can be rendered unsafely in this flow. A working paylo...

CVSS 8.7 · AI score 5.6 · EPSS 0.002
Exploits 1 · References 2 · Affected Software 1
Tenable Nessus
added 2025/08/27 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-22242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerabilit...

CVSS 8.7 · AI score 5.9 · EPSS 0.63555
Exploits 0 · References 2
OSV
added 2024/03/06 11:19 a.m. · 19 views

BIT-GITLAB-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 8.7 · AI score 6 · EPSS 0.63555
Exploits 0 · References 4
Tenable Nessus
added 2024/01/03 12:0 a.m. · 21 views

GitLab 11.4 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22242)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 8.7 · AI score 6 · EPSS 0.63555
Exploits 0 · References 4
Veracode
added 2023/08/06 2:37 p.m. · 21 views

Cross-site Scripting (XSS)

GitLab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to insufficient input sanitization in Mermaid markdown of the library, allowing an attacker to inject and execute malicious JavaScript...

CVSS 8.7 · AI score 6.5 · EPSS 0.63555
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/08/25 7:15 p.m. · 16 views

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 5.4 · AI score 5.5 · EPSS 0.63555
Exploits 0 · References 3
UbuntuCve
added 2021/08/25 7:15 p.m. · 25 views

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 8.7 · AI score 6.4 · EPSS 0.63555
Exploits 0 · References 4
Prion
added 2021/08/25 7:15 p.m. · 17 views

Cross site scripting

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 3.5 · AI score 4.9 · EPSS 0.63555
Exploits 0 · References 3 · Affected Software 1
OSV
added 2021/08/25 7:15 p.m. · 2 views

UBUNTU-CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 8.7 · AI score 5.7 · EPSS 0.63555
Exploits 0 · References 5
Debian CVE
added 2021/08/25 6:38 p.m. · 22 views

CVE-2021-22242

Removed by vendor...

CVSS 8.7 · AI score 6.4 · EPSS 0.63555
Exploits 0
Cvelist
added 2021/08/25 6:38 p.m. · 20 views

CVE-2021-22242

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...

CVSS 8.7 · AI score 8 · EPSS 0.63555
Exploits 0 · References 3
CNNVD
added 2021/08/25 12:0 a.m. · 5 views

GitLab Cross-Site Scripting Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab CE/EE...

CVSS 8.7 · AI score 6.1 · EPSS 0.63555
Exploits 0 · References 3
Positive Technologies
added 2021/08/25 12:0 a.m. · 3 views

PT-2021-6533 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.4 and up Description: The issue is related to insufficient input sanitization in Mermaid markdown, allowing a remote attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. Th...

CVSS 8.7 · AI score 5.5 · EPSS 0.63555
Exploits 0 · References 15