Lucene search
K

70 matches found

NVD
NVD
added 2023/06/09 6:15 p.m.42 views

CVE-2023-34245

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...

8.1CVSS8AI score0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/09 5:4 p.m.45 views

CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...

8.1CVSS8.2AI score0.00445EPSS
Exploits0References2
CVE
CVE
added 2023/06/09 5:4 p.m.61 views

CVE-2023-34245

The CVE-2023-34245 issue affects @udecode/plate-link, the link handler for the Plate editor (Slate/React). Affected versions allow JavaScript: URLs to be rendered into the DOM due to inadequate URL sanitization, enabling potential XSS through links inserted by various means. The patch in plate-li...

8.1CVSS7AI score0.00445EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/09 5:4 p.m.40 views

CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link

@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2020/10/27 11:34 a.m.22 views

Reverse-Engineering the Redactions in the Ghislaine Maxwell Deposition

Slate magazine was able to cleverly read the Ghislaine Maxwell deposition and reverse-engineer many of the redacted names. Weve long known that redacting is hard in the modern age, but most of the failures to date have been a result of not realizing that covering digital text with a black bar...

0.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/10/09 1:29 p.m.7 views

slate-export.com Cross Site Scripting vulnerability OBB-1393249

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/07/30 2:3 p.m.4 views

@albalyu/npm-scripts (>=2.0.1 <=2.0.40), @opuscapita/eslint-config-opuscapita-bnapp (>=1.0.1 <=1.0.6) +7 more potentially affected by CVE-2020-36632 via flat (=3.0.0)

flat NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @albalyu/npm-scripts =2.0.1, =1.0.1, =2.2.1, =2.0.0, =0.0.1-beta.2, =4.0.1, =0.3.0-beta.16, =0.3.0-beta.83 Source cves: CVE-2020-36632 Source advisory:...

9.8CVSS6.7AI score0.01107EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2019/08/27 5:43 p.m.5 views

@idearium/cli (>=1.0.0 <=4.3.0-beta.0), @stoplight/command (>=0.0.11-1 <=0.0.24) +27 more potentially affected by CVE-2019-10747 via set-value (=3.0.0)

set-value NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @idearium/cli =1.0.0, =0.0.11-1, =0.0.11-29, =0.0.11-1, =0.0.11-1, =0.0.11-1, =0.0.18, =0.0.11-1, =0.0.11-1, =0.0.11-30, =0.0.11-1, =0.0.18,...

9.8CVSS7.1AI score0.02475EPSS
Exploits1
ThreatPost
ThreatPost
added 2017/09/01 9:0 a.m.16 views

US Government Site Was Hosting Ransomware

As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s...

0.1AI score
Exploits0References14
ThreatPost
ThreatPost
added 2017/03/22 1:45 p.m.13 views

Blank Slate Campaign Pushes Cerber Ransomware

Criminals are breathing new life into Cerber ransomware with a stubborn spam campaign called Blank Slate that is successfully abusing hosting providers to spread the malware. Researchers at the SANS Internet Storm Center said the campaign has shifted from spreading Sage 2.0 and Locky ransomware, ...

7.1AI score
Exploits0References5
Rows per page
Query Builder