SQL Injection
Overview @payloadcms/db-vercel-postgres is a Vercel Postgres adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafte...
SQL Injection
Overview @payloadcms/drizzle is a library of shared functions used by different Payload database adapters. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user...
SQL Injection
Overview @payloadcms/db-d1-sqlite is the officially supported D1 SQLite database adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accoun...
EUVD-2024-2602
Malicious code in bioql PyPI...
XML External Entity (XXE) Injection
Overview ezsystems/ezplatform-richtext is a platform RichText Extension, including the RichText FieldType. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via fields of RichText field type, in DOMDocumentFactory. A user with edit permission can read server...
PT-2025-15998 · Packagist · Ibexa/Fieldtype-Richtext
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity (XXE) injection, which might be able to read files on the server. To exploit this...
RichText Field Type security vulnerability
RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369
CVE-2024-43369 affects Ibexa (ezplatform) RichText Field Type prior to 4.6.10. The validator blocked javascript: and vbscript: in links but could be bypassed with uppercase/case variants, enabling persistent XSS for users with content-editing permissions (typically Editor+). The issue is mitigate...
GHSA-HVCF-6324-CJH7 Persistent Cross-site Scripting in Ibexa RichText Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...