575 matches found
CVE-2018-19573
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...
CVE-2018-19573
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...
Cross site scripting
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...
CVE-2018-19573
GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...
CVE-2018-19573
GitLab CE/EE (versions 10.3 through 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1) are affected by an XSS in Markdown fields via Mermaid. Root cause: unsafe rendering of Mermaid content in Markdown. Impact is XSS in affected Markdown fields; no exploit status provided in the doc...
CVE-2018-19573
Removed by vendor...
PT-2019-9856 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 11.5 before 11.5.1 GitLab CE/EE version 11.4 before 11.4.8 GitLab CE/EE version 11.3 before 11.3.11 Description: The issue is related to an XSS vulnerability in Markdown fields via Mermaid. Recommendations:...
Cross-site Scripting (XSS)
mermaid is vulnerable to Cross-Site Scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary Javascript on the victim's browser...
CVE-2019-12136
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...
CVE-2019-12136
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...
CVE-2019-12136
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...
CVE-2019-12136
BoostIO Boostnote 0.11.15 is affected by CVE-2019-12136. The vulnerability is an XSS in the UI when processing a label named mermaid, exploitable via a crafted SRC attribute of an IFRAME element. The issue originates from Boostnote’s rendering path for this label, enabling injection of malicious ...
Cross-Site Scripting
Overview Versions of mermaid prior to 8.2.3 are vulnerable to Cross-Site Scripting. If malicious input such as A"" is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding. Recommendation Upgrade to version 8.2.3 or later References ...
GitLab: DoS on the Issue page by exploiting Mermaid.
Summary: An attacker could exploit Mermaid available in Markdown and cause DoS. Description: Markdown supported by GitLab can generate diagrams and flowcharts from text using Mermaid. An Attacker can exploit this function to prevent users from successfully accessing some functions. For example, y...
Mermaid Fashion Show Free - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Mermaid Fashion Show Free published at the 'play' market has multiple vulnerabilities...
Mermaid Princess Spa & Salon - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Mermaid Princess Spa & Salon published at the 'play' market has multiple vulnerabilities...
Mermaid Ava and Friends - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities
HackApp vulnerability scanner discovered that application Mermaid Ava and Friends published at the 'play' market has multiple vulnerabilities...
Mermaid Princess - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities
HackApp vulnerability scanner discovered that application Mermaid Princess published at the 'play' market has multiple vulnerabilities...
Mermaid Puzzles for Toddlers - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Mermaid Puzzles for Toddlers published at the 'play' market has multiple vulnerabilities...
The Little Mermaid - Base64 encoded String, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application The Little Mermaid published at the 'play' market has multiple vulnerabilities...