Lucene search
K

575 matches found

OSV
OSV
added 2019/07/10 4:15 p.m.19 views

CVE-2018-19573

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...

5.4CVSS5.7AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/07/10 4:15 p.m.27 views

CVE-2018-19573

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...

5.4CVSS6.8AI score0.00959EPSS
Exploits0References2
Prion
Prion
added 2019/07/10 4:15 p.m.25 views

Cross site scripting

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...

3.5CVSS5.3AI score0.00959EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/10 3:1 p.m.23 views

CVE-2018-19573

GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid...

5.7AI score0.00959EPSS
Exploits0References3
CVE
CVE
added 2019/07/10 3:1 p.m.62 views

CVE-2018-19573

GitLab CE/EE (versions 10.3 through 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1) are affected by an XSS in Markdown fields via Mermaid. Root cause: unsafe rendering of Mermaid content in Markdown. Impact is XSS in affected Markdown fields; no exploit status provided in the doc...

5.4CVSS5.2AI score0.00959EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2019/07/10 3:1 p.m.32 views

CVE-2018-19573

Removed by vendor...

5.4CVSS6.8AI score0.00959EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2019/07/10 12:0 a.m.5 views

PT-2019-9856 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 11.5 before 11.5.1 GitLab CE/EE version 11.4 before 11.4.8 GitLab CE/EE version 11.3 before 11.3.11 Description: The issue is related to an XSS vulnerability in Markdown fields via Mermaid. Recommendations:...

5.4CVSS5.7AI score0.00959EPSS
Exploits0References7
Veracode
Veracode
added 2019/05/16 7:12 a.m.12 views

Cross-site Scripting (XSS)

mermaid is vulnerable to Cross-Site Scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary Javascript on the victim's browser...

7.2AI score
Exploits0
NVD
NVD
added 2019/05/16 3:29 a.m.25 views

CVE-2019-12136

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

5.4CVSS5.1AI score0.00619EPSS
Exploits1References1
OSV
OSV
added 2019/05/16 3:29 a.m.15 views

CVE-2019-12136

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

5.4CVSS5.2AI score0.00619EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/05/16 2:55 a.m.23 views

CVE-2019-12136

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

5.2AI score0.00619EPSS
Exploits1References1
CVE
CVE
added 2019/05/16 2:55 a.m.46 views

CVE-2019-12136

BoostIO Boostnote 0.11.15 is affected by CVE-2019-12136. The vulnerability is an XSS in the UI when processing a label named mermaid, exploitable via a crafted SRC attribute of an IFRAME element. The issue originates from Boostnote’s rendering path for this label, enabling injection of malicious ...

5.4CVSS5.1AI score0.00619EPSS
Exploits1References1Affected Software1
Node.js
Node.js
added 2018/12/21 8:4 p.m.13 views

Cross-Site Scripting

Overview Versions of mermaid prior to 8.2.3 are vulnerable to Cross-Site Scripting. If malicious input such as A"" is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding. Recommendation Upgrade to version 8.2.3 or later References ...

7.1AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2018/12/19 7:34 p.m.23 views

GitLab: DoS on the Issue page by exploiting Mermaid.

Summary: An attacker could exploit Mermaid available in Markdown and cause DoS. Description: Markdown supported by GitLab can generate diagrams and flowcharts from text using Mermaid. An Attacker can exploit this function to prevent users from successfully accessing some functions. For example, y...

2.6AI score
Exploits0
hackapp
hackapp
added 2016/04/01 10:25 a.m.11 views

Mermaid Fashion Show Free - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Mermaid Fashion Show Free published at the 'play' market has multiple vulnerabilities...

1.1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:23 a.m.16 views

Mermaid Princess Spa & Salon - Dynamic Code Loading, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Mermaid Princess Spa & Salon published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:22 a.m.12 views

Mermaid Ava and Friends - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Mermaid Ava and Friends published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:22 a.m.9 views

Mermaid Princess - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Mermaid Princess published at the 'play' market has multiple vulnerabilities...

0.3AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:19 a.m.15 views

Mermaid Puzzles for Toddlers - Dynamic Code Loading, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Mermaid Puzzles for Toddlers published at the 'play' market has multiple vulnerabilities...

0.6AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:17 a.m.16 views

The Little Mermaid - Base64 encoded String, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application The Little Mermaid published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder