PT-2024-18839 · WordPress · Luckywp Table Of Contents
Name of the Vulnerable Software and Affected Versions: LuckyWP Table of Contents plugin for WordPress versions up to, and including, 2.1.4 Description: The issue is related to Reflected Cross-Site Scripting via the attrs parameter due to insufficient input sanitization and output escaping. This...
LuckyWP Table of Contents <= 2.1.4 - Reflected Cross-Site Scripting
Description: The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress TOP Table Of Contents plugin <= 1.3.15 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Plugin TOP Table Of Contents (versions <= 1.3.15)...
WordPress TOP Table Of Contents Plugin <= 1.3.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: TOP Table Of Contents; Type: Plugin; Vulnerable versions: <= 1.3.15; Fixed in: 1.3.16; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32110; Patch priority: Low; CVSS severity: Low (4.3); PSID: b11059e9c542; Credits: Dhabaleshwa...
BIT-JUPYTER-BASE-NOTEBOOK-2024-22420 Stored cross site scripting in Markdown Preview in JupyterLab
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
Fedora: Security Advisory for atril (FEDORA-2024-59a7d96d84)
The remote host is missing an update for the...
Cross-Site Scripting
jupyterlab is vulnerable to Cross-Site Scripting. The vulnerability is due to missing sanitization and escaping of Markdown content, specifically in the Table of Contents extension. This allows an attacker to execute malicious scripts when a user previews a Markdown file...
CVE-2024-22420
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
DEBIAN-CVE-2024-22420
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
CVE-2024-22420 Stored cross site scripting in Markdown Preview in JupyterLab
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
GHSA-4M77-CMPX-VJC4 JupyterLab vulnerable to SXSS in Markdown Preview
Impact: The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...
PT-2024-19411 · Unknown · Jupyterlab
Name of the Vulnerable Software and Affected Versions: JupyterLab versions prior to 4.0.11 Description: This issue depends on user interaction by opening a malicious Markdown file using JupyterLab's preview feature. A malicious user can access any data that the attacked user has access to and...
Essential Blocks < 4.4.7 - Contributor+ Stored Cross-Site Scripting
Description: The plugin is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
CVE-2023-7071
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2023-7071 Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possib...
PT-2024-15199 · WordPress · The Essential Blocks – Page Builder Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.4.6 Description: The issue is related to Stored Cross-Site Scripting via the Table of Contents block due to...
Table of Contents Plus < 2309 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Table of Contents Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2302 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2023-44473
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions...