4 matches found
UBUNTU-CVE-2026-59858
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...
mistune 跨站脚本漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Python format strings to insert id and text values into tags without proper HTML escapin...
EUVD-2025-203846
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
Joplin 跨站脚本漏洞
Joplin is an open source note-taking and to-do list application from the individual developer Laurent Cozic. A cross-site scripting vulnerability exists in Joplin version 3.0.13 that stems from processing HTML content without properly escaping or handling symbols, which allows cross-site scriptin...