Lucene search
K

31 matches found

euvd
euvd
added 2026/06/25 12:33 a.m.3 views

EUVD-2026-39100

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References5
snyk
snyk
added 2026/06/24 11:17 p.m.3 views

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the Link::isAllowedUri function when processing Tiptap JSON containing an attrs.href field set to an array instead of a string. An attacker can cause persistent server-side crashes by...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References2
nvd
nvd
added 2026/06/24 10:16 p.m.7 views

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS0.00305EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/24 9:21 p.m.17 views

CVE-2026-47110 Tiptap for PHP < 2.1.1 DoS via Malformed href Attribute

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS0.00305EPSS
Exploits0References4
cve
cve
added 2026/06/24 9:21 p.m.14 views

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability: if attrs.href is submitted as an array in Tiptap JSON, Link::isAllowedUri() can trigger an unhandled TypeError during preg_match(), crashing the server-side HTML rendering pipeline for all subsequent viewers of that r...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/24 9:21 p.m.5 views

CVE-2026-47110

Tiptap for PHP before version 2.1.1 contains an input validation vulnerability that allows authenticated attackers to cause a denial of service by submitting Tiptap JSON with the attrs.href field set to an array instead of a string, causing an unhandled TypeError in the Link::isAllowedUri functio...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References5
github
github
added 2026/03/02 7:51 p.m.12 views

NocoDB Vulnerable to Stored Cross-site Scripting via Rich Text Field

Summary An authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. Details The TipTap editor sanitizes HTML client-side, but the backend stores raw HTML without server-side sanitization. The stored content...

5.4CVSS6AI score0.00147EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/03/02 5:16 p.m.8 views

CVE-2026-28359

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3...

5.4CVSS0.00147EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/02 12:0 a.m.7 views

PT-2026-22630

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap editor and sending raw HTML via the API. This issue has been patched in version 0.301.3...

5.3CVSS5.9AI score0.00147EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/17 8:7 a.m.4 views

CVE-2025-14284

A flaw was found in @tiptap/extension-link. This vulnerability allows an attacker to execute arbitrary JavaScript JS code via unsanitized user input when setting or toggling links, by injecting a javascript: Uniform Resource Locator URL payload. Mitigation Mitigation for this issue is either not...

6.1CVSS6.8AI score0.00314EPSS
Exploits1References7
veracode
veracode
added 2025/12/11 1:41 p.m.8 views

Cross-site Scripting (XSS)

@tiptap/extension-link is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsanitized user input in link-setting functionality, allowing attackers to inject javascript: URLs that execute arbitrary JavaScript when interacted with...

6.1CVSS6.7AI score0.00314EPSS
Exploits1References4Affected Software1
euvd
euvd
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201879

@tiptap/extension-link vulnerable to Cross-site Scripting XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits1References5
vulnersosv
vulnersosv
added 2025/12/09 6:30 p.m.11 views

@10play/tentap-editor (>=0.5.27 <=0.7.5-alpha.0), @adminjs/design-system (>=3.0.0 <=4.0.3) +131 more potentially affected by CVE-2025-14284 via @tiptap/extension-link (>=2.0.0-beta.18 <=2.10.3)

@tiptap/extension-link NPM version =2.0.0-beta.18, =0.5.27, =3.0.0, =0.4.1, =3.0.0-alpha.1, =0.0.1, =0.2.1, =0.2.0, =0.1.0, =0.28.0, =3.4.0, =1.2.0, =0.0.3, =0.4.1 and more Source cves: CVE-2025-14284 Source advisory: OSV:GHSA-VHRC-HGRQ-X75R...

6.1CVSS5.4AI score0.00314EPSS
Exploits1
osv
osv
added 2025/12/09 6:30 p.m.6 views

GHSA-VHRC-HGRQ-X75R @tiptap/extension-link vulnerable to Cross-site Scripting (XSS)

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...

6.1CVSS6.6AI score0.00314EPSS
Exploits1References6
nvd
nvd
added 2025/12/09 4:17 p.m.5 views

CVE-2025-14284

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...

6.1CVSS0.00314EPSS
Exploits1References4
cvelist
cvelist
added 2025/12/09 5:0 a.m.35 views

CVE-2025-14284

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...

6.1CVSS0.00314EPSS
Exploits1References4
osv
osv
added 2025/12/09 5:0 a.m.3 views

CVE-2025-14284

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...

5.1CVSS6.6AI score0.00314EPSS
Exploits1References6
vulnrichment
vulnrichment
added 2025/12/09 5:0 a.m.4 views

CVE-2025-14284

Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...

6.1CVSS6.3AI score0.00314EPSS
Exploits1References4
cve
cve
added 2025/12/09 5:0 a.m.12 views

CVE-2025-14284

The CVE-2025-14284 entry applies to the @tiptap/extension-link package, specifically versions before 2.10.4. The issue is Cross-site Scripting (XSS) caused by unsanitized user input when setting or toggling links, allowing an attacker to inject a javascript: URL payload that can execute arbitrary...

6.1CVSS6.3AI score0.00314EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2025/12/09 12:0 a.m.3 views

Tiptap Editor 安全漏洞

Tiptap Editor is an open source text editor framework from Tiptap. A security vulnerability exists in Tiptap Editor versions prior to 2.10.4 that stems from uncleaned user input and could lead to a cross-site scripting attack...

6.1CVSS5.8AI score0.00314EPSS
Exploits1References4
Rows per page
Query Builder