CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

Veracode•added 2025/12/13 7:54 a.m.•4 views

Cross-site Scripting (XSS)

prosemirrortohtml is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper escaping of HTML attribute values, which allows an attacker to inject and execute arbitrary JavaScript code through crafted input...

7.6CVSS6.1AI score0.00027EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2025/11/13 10:59 p.m.•2 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

5.9AI score

Exploits0References6Affected Software1

OSV•added 2025/11/13 10:59 p.m.•3 views

GHSA-4249-GJR8-JPQ3 Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

8.7CVSS5.9AI score

Exploits0References6

RedhatCVE•added 2025/11/11 10:44 p.m.•1 views

CVE-2025-64501

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.7AI score0.00027EPSS

Exploits0References1

NVD•added 2025/11/10 10:15 p.m.•1 views

CVE-2025-64501

7.6CVSS0.00027EPSS

Exploits0References2

Cvelist•added 2025/11/10 9:37 p.m.•4 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

7.6CVSS0.00027EPSS

Exploits0References2

OSV•added 2025/11/10 9:37 p.m.•1 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

7.6CVSS5.7AI score0.00027EPSS

Exploits0References4

Positive Technologies•added 2025/11/10 12:0 a.m.•4 views

PT-2025-46205

Name of the Vulnerable Software and Affected Versions ProsemirrorToHtml versions 0.2.0 and below Description The prosemirror to html gem contains a flaw that allows for Cross-Site Scripting XSS attacks. This is due to improper handling of HTML attribute values during the conversion of...

7.6CVSS5.7AI score0.00027EPSS

Exploits0References5

Github Security Blog•added 2025/11/07 11:17 p.m.•5 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

6.8AI score

Exploits0References5Affected Software1

Positive Technologies•added 2025/11/07 12:0 a.m.•1 views

PT-2025-45529

🔴 prosemirror to html, Cross-Site Scripting, CVE-2024-23632 Critical https://t.co/OV9qAIWr8i...

6.9AI score

Exploits0References1

Github Security Blog•added 2025/11/06 3:44 p.m.•4 views

Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

7.6CVSS5.9AI score0.00027EPSS

Exploits0References7Affected Software1

OSV•added 2025/11/06 3:44 p.m.•1 views

GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

7.6CVSS5.9AI score0.00027EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by