Lucene search
K

23 matches found

OSV
OSV
added 2026/06/26 7:26 p.m.3 views

GHSA-4C8J-MGM4-QQVP Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing

Summary The remark42 image proxy fetches an arbitrary remote URL and re-serves the response from remark42's own origin. The download path decides whether the fetched resource is an image by looking only at the Content-Type header the remote server claims — it never inspects the actual bytes. The...

8.2CVSS7.5AI score0.00251EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 7:26 p.m.15 views

EUVD-2026-37511

Remark42: Cross-Site Scripting XSS on /api/v1/img via content-type spoofing...

8.2CVSS7.3AI score0.00251EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-48788

Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting XSS vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an arbitrary remote URL and...

8.2CVSS0.00251EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 10:29 p.m.19 views

CVE-2026-48788

CVE-2026-48788 affects Remark42 (versions 1.6.0–1.15.0). The known issue is a content-type spoofing-based XSS in the image proxy: during download the proxy checks Content-Type headers to decide if a resource is an image, but the serving phase sniffing can differ, leading to a mismatch that lets H...

8.2CVSS7.8AI score0.00251EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 10:29 p.m.3 views

CVE-2026-48788 Remark42: Cross-Site Scripting (XSS) on /api/v1/img via content-type spoofing

Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting XSS vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an arbitrary remote URL and...

8.2CVSS7.3AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50130

Name of the Vulnerable Software and Affected Versions Remark42 versions 1.6.0 through 1.15.0 Description Remark42 contains a Cross-Site Scripting XSS issue exploitable through content-type spoofing via the image proxy. The proxy fetches a remote URL and re-serves the response from its own origin....

8.2CVSS7.5AI score0.00251EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.8 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

7.5CVSS7AI score0.00586EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-15909

Malware in sbrugna...

6.1CVSS6.3AI score0.00793EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-50228

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00586EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.7 views

CVE-2021-29271

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: LocatorURL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go...

6.1CVSS6AI score0.00793EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/23 9:15 p.m.5 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

7.5CVSS5.8AI score0.00586EPSS
Exploits1References3
NVD
NVD
added 2023/10/23 9:15 p.m.34 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

7.5CVSS7.6AI score0.00586EPSS
Exploits1References2
Prion
Prion
added 2023/10/23 9:15 p.m.17 views

Server side request forgery (ssrf)

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

5CVSS7.6AI score0.00586EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/23 12:0 a.m.15 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

7AI score0.00586EPSS
Exploits1References2
CVE
CVE
added 2023/10/23 12:0 a.m.55 views

CVE-2023-45966

The CVE-2023-45966 entry concerns umputun remark42 (versions 1.12.1 and earlier) with a Blind Server-Side Request Forgery (SSRF) vulnerability. Affected component: remark42; root cause is SSRF that is not fully exposed in the provided details. Impact per CVSS indicates high confidentiality impact...

7.5CVSS7.6AI score0.00586EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/23 12:0 a.m.4 views

PT-2023-29777 · Umputun · Remark42

Name of the Vulnerable Software and Affected Versions: umputun remark42 versions 1.12.1 and before Description: The issue is related to a Blind Server-Side Request Forgery SSRF vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or...

7.5CVSS7AI score0.00586EPSS
Exploits1References7
Cvelist
Cvelist
added 2023/10/23 12:0 a.m.34 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

7.8AI score0.00586EPSS
Exploits1References2
OSV
OSV
added 2023/10/23 12:0 a.m.29 views

CVE-2023-45966

umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery SSRF vulnerability...

7.5CVSS7.2AI score0.00586EPSS
Exploits1References4
NVD
NVD
added 2021/03/27 6:15 p.m.20 views

CVE-2021-29271

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: LocatorURL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go...

6.1CVSS0.00793EPSS
Exploits0References2
OSV
OSV
added 2021/03/27 6:15 p.m.17 views

CVE-2021-29271

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: LocatorURL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go...

6.1CVSS6AI score
Exploits0References2
Rows per page
Query Builder