71 matches found
Malicious code in slate-liquid-asset-loader (npm)
The package slate-liquid-asset-loader was found to contain malicious code...
CVE-2023-30963
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-30949
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...
Malicious code in rich-text-slate-rc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1974a05b4def032650d8412ad77b9ee7b6e530942c4a3ccb90e9c07d5b58830a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10780 Malicious code in rich-text-slate-rc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1974a05b4def032650d8412ad77b9ee7b6e530942c4a3ccb90e9c07d5b58830a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-47061
The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...
Malicious code in grafana__slate-react (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2434 Malicious code in grafana__slate-react (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2023-30949
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...
Input validation
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...
CVE-2023-30949 CVE-2023-30949
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...
CVE-2023-30949 CVE-2023-30949
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks...
CVE-2023-30949
CVE-2023-30949 affects Slate before version 6.207.0, tied to a missing origin validation in the Slate sandbox that could allow a malicious user to modify page content, enabling phishing. The vulnerability stems from sandbox origin checks and, per multiple sources, impacts Slate’s WYSIWYG web app ...
PT-2023-23079 · Slate · Slate
Name of the Vulnerable Software and Affected Versions: Slate affected versions not specified Description: A missing origin validation in the Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. Recommendations: At the moment, the...
Slate 访问控制错误漏洞
slate is an extensible WYSIWYG web application from slate for quickly creating interactive, data-driven web pages. A security vulnerability exists in Slate versions prior to 6.207.0, which stems from a lack of source validation in the sandbox that could be exploited by a malicious user to modify...
CVE-2023-30963
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-30963
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-30963 Stored XSS in Foundry Slate Query Dropdown menu
A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further...
CVE-2023-30963
CVE-2023-30963 describes a Stored XSS vulnerability in Palantir Foundry Frontend (Slate component) that could be exploited if CSP protections were bypassed. Affected software is Foundry Frontend; the root cause is an XSS weakness in Slate dropdown handling when CSP is not properly enforced. The v...