114 matches found
Trix Editor Arbitrary Code Execution Vulnerability
The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...
GHSA-5CR9-5JX3-2G39 avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...
PT-2023-24674 · Avo · Avo
Name of the Vulnerable Software and Affected Versions: Avo affected versions not specified Description: The issue concerns some Avo fields being vulnerable to Cross Site Scripting XSS when rendering HTML-based content. Attackers need form edit privilege to exploit this vulnerability, but the...
GitLab: Content injection in Jira issue title enabling sending arbitrary POST request as victim
Summary The issue described here leads to the same outcome as my previous report, https://hackerone.com/reports/1409788 . So look into that one for further details on the JavaScript gadgets. Also see my report https://hackerone.com/reports/1481207 for a detailed rundown of injections in GitLab...
Cross-site Scripting (XSS)
trix is vulnerable to cross site scripting XSS attacks. The Trix editor allows the execution of Javsascript when the content that is copy and pasted from the clipboard into the editor contains HTML...
XML External Entity (XXE)
rdf4j-rio-trix is vulnerable to XML external entities XXE attacks. The library does not disable entities and document type declarations, allowing a malicious user to conduct an XXE injection attack...
Trix Complex - BSD license, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Trix Complex published at the 'play' market has multiple vulnerabilities...
Trix 2006 - Dynamic Code Loading, External URLs, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Trix 2006 published at the 'play' market has multiple vulnerabilities...
Trix - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Trix published at the 'play' market has multiple vulnerabilities...
Jawaker Trix & Tarneeb - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Jawaker Trix & Tarneeb published at the 'play' market has multiple vulnerabilities...
Trix 3ala Rasi - BSD license, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Trix 3ala Rasi published at the 'play' market has multiple vulnerabilities...
Trix - BSD license, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Trix published at the 'play' market has multiple vulnerabilities...
Trix - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Trix published at the 'play' market has multiple vulnerabilities...