Lucene search
+L

585 matches found

Vulnrichment
Vulnrichment
added 2026/03/25 4:34 p.m.2 views

CVE-2026-2973 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:34 p.m.66 views

CVE-2026-2973

GitLab CVE-2026-2973 affects GitLab CE/EE versions 17.7–before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. The issue is an improper sanitization of entity-encoded content in Mermaid diagrams that could allow an authenticated user to execute arbitrary JavaScript in another user’s browser...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 4:34 p.m.7 views

CVE-2026-2973

Removed by vendor...

5.4CVSS5.8AI score0.00173EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab CE/EE prior to 18.8.7, 18.9.3, and 18.10.1 contained...

5.4CVSS6AI score0.00173EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.10 views

PT-2026-27991

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.7 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An authenticated user could execute arbitrary JavaScript in a user's browser. This is due to improper...

5.4CVSS6.1AI score0.00173EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.12 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts GitLab CE/EE Cross-Site Request Forgery issue in GLQL API impacts GitLab CE/EE HTML Injection in vulnerability report impacts GitLab EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Improper...

8.8CVSS5.9AI score0.00478EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

GitLab 17.7 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-2973)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute...

5.4CVSS6AI score0.00173EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/13 8:0 p.m.13 views

EUVD-2026-11720

OneUptime: Stored XSS via Mermaid Diagram Rendering securityLevel: "loose"...

7.6CVSS5.8AI score0.00224EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/13 8:0 p.m.5 views

Cross-site Scripting (XSS)

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

7.6CVSS5.7AI score0.00224EPSS
Exploits1References2
OSV
OSV
added 2026/03/13 8:0 p.m.3 views

GHSA-WVH5-6VJM-23QH OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

Summary The Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary...

7.6CVSS6.2AI score0.00224EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/13 8:0 p.m.10 views

OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

Summary The Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary...

7.6CVSS6.2AI score0.00224EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/13 7:54 p.m.9 views

CVE-2026-32308

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6CVSS0.00224EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

OneUptime 跨站脚本漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.23 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown viewer component rendering Mermaid...

7.6CVSS5.6AI score0.00224EPSS
Exploits1References1
CVE
CVE
added 2026/03/12 9:29 p.m.216 views

CVE-2026-32308

OneUptime prior to version 10.0.23 is affected by a Stored XSS in the Markdown viewer’s Mermaid diagram rendering. The renderer uses securityLevel: "loose" and injects Mermaid SVG output via innerHTML, allowing interactive bindings and enabling XSS via Mermaid’s click directive to execute arbitra...

7.6CVSS6AI score0.00224EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 9:29 p.m.3 views

CVE-2026-32308 OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6CVSS6AI score0.00224EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/12 9:29 p.m.39 views

CVE-2026-32308 OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6CVSS0.00224EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 9:29 p.m.3 views

CVE-2026-32308

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6CVSS6AI score0.00224EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/12 9:29 p.m.9 views

CVE-2026-32308 OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6CVSS6AI score0.00224EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.12 views

PT-2026-25086

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams,...

7.6CVSS6AI score0.00224EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.5 views

CVE-2026-21866

Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This...

5.4CVSS5.9AI score0.00218EPSS
Exploits1References1
Rows per page
Query Builder