3 matches found
mistune 跨站脚本漏洞
Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune prior to 3.2.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Python format strings to insert id and text values into tags without proper HTML escapin...
EUVD-2025-203846
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
Joplin 跨站脚本漏洞
Joplin is an open source note-taking and to-do list application from the individual developer Laurent Cozic. A cross-site scripting vulnerability exists in Joplin version 3.0.13 that stems from processing HTML content without properly escaping or handling symbols, which allows cross-site scriptin...