CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

Veracode•added 2025/12/13 7:54 a.m.•4 views

Cross-site Scripting (XSS)

prosemirrortohtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of HTML attribute values, which allows an attacker to inject and execute arbitrary JavaScript code through crafted input...

7.6CVSS6.1AI score0.00027EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2025/11/13 10:59 p.m.•3 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

5.9AI score

Exploits0References6Affected Software1

OSV•added 2025/11/13 10:59 p.m.•3 views

GHSA-4249-GJR8-JPQ3 Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

8.7CVSS5.9AI score

Exploits0References6

RedhatCVE•added 2025/11/11 10:44 p.m.•1 views

CVE-2025-64501

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.7AI score0.00027EPSS

Exploits0References1

NVD•added 2025/11/10 10:15 p.m.•1 views

CVE-2025-64501

7.6CVSS0.00027EPSS

Exploits0References2

Cvelist•added 2025/11/10 9:37 p.m.•4 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

7.6CVSS0.00027EPSS

Exploits0References2

OSV•added 2025/11/10 9:37 p.m.•1 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

7.6CVSS5.7AI score0.00027EPSS

Exploits0References4

Positive Technologies•added 2025/11/10 12:0 a.m.•4 views

PT-2025-46205

Name of the Vulnerable Software and Affected Versions ProsemirrorToHtml versions 0.2.0 and below Description The prosemirror to html gem contains a flaw that allows for Cross-Site Scripting XSS attacks. This is due to improper handling of HTML attribute values during the conversion of...

7.6CVSS5.7AI score0.00027EPSS

Exploits0References5

Github Security Blog•added 2025/11/07 11:17 p.m.•5 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

6.8AI score

Exploits0References5Affected Software1

Positive Technologies•added 2025/11/07 12:0 a.m.•2 views

PT-2025-45529

🔴 prosemirror to html, Cross-Site Scripting, CVE-2024-23632 Critical https://t.co/OV9qAIWr8i...

6.9AI score

Exploits0References1

Github Security Blog•added 2025/11/06 3:44 p.m.•4 views

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

7.6CVSS5.9AI score0.00027EPSS

Exploits0References7Affected Software1

OSV•added 2025/11/06 3:44 p.m.•1 views

GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

7.6CVSS5.9AI score0.00027EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-38547

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00175EPSS

Exploits1References1

OSV•added 2025/01/30 4:55 p.m.•4 views

MAL-2025-651 Malicious code in ember-super-prosemirror (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 258b229e7fc629055a74b829ee28b761e137f5d9ad4345ebec8702b651baf88e Any computer that has this package installed or running should be considered...

7AI score

Exploits0References3

OSSF Malicious Packages•added 2025/01/30 4:55 p.m.•3 views

Malicious code in ember-super-prosemirror (npm)

6.8AI score

Exploits0References3

NVD•added 2024/07/16 5:15 p.m.•16 views

CVE-2024-40626

Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting XSS vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...

7.3CVSS0.00175EPSS

Exploits1References1

Cvelist•added 2024/07/16 5:3 p.m.•47 views

CVE-2024-40626 Stored Cross-site Scripting (XSS) vulnerability in Outline editor

7.3CVSS0.00175EPSS

Exploits1References1

Vulnrichment•added 2024/07/16 5:3 p.m.•14 views

CVE-2024-40626 Stored Cross-site Scripting (XSS) vulnerability in Outline editor

7.3CVSS5.7AI score0.00175EPSS

Exploits1References1

CVE•added 2024/07/16 5:3 p.m.•49 views

CVE-2024-40626

Outline is affected by a Stored Cross-Site Scripting (XSS) vulnerability caused by a type confusion in ProseMirror’s rendering path. An authenticated user can embed a malicious payload in a document, which executes in other users’ browsers when the document is viewed. The CSP protections can be b...

7.3CVSS6.3AI score0.00175EPSS

Exploits1References1Affected Software1

OSV•added 2024/07/16 5:3 p.m.•2 views

CVE-2024-40626 Stored Cross-site Scripting (XSS) vulnerability in Outline editor

7.3CVSS5.3AI score0.00175EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by