EUVD-2024-2136
Malicious code in bioql PyPI...
CVE-2024-38527
ZenUML is a JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the use...
CVE-2024-38527 Cross-site Scripting in ZenUML
ZenUML is a JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the use...
CVE-2024-38527
CVE-2024-38527 affects ZenUML, a JavaScript-based diagram tool that renders Markdown-inspired diagram definitions. The vulnerability arises from unsanitized Markdown comments in the ZenUML diagram syntax, allowing attacker-controlled comments to trigger Cross-site Scripting (XSS) when diagrams ar...
Cross-site Scripting in ZenUML
Summary: Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details: The comment feature allows the user to attach small notes for reference. This feature allows the user to write their comment in Markdown, allowing them to use common markdo...
GHSA-Q6XV-JM4V-349H Cross-site Scripting in ZenUML
Summary: Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). Details: The comment feature allows the user to attach small notes for reference. This feature allows the user to write their comment in Markdown, allowing them to use common markdo...
ZenUML Security Vulnerabilities
ZenUML is a JavaScript-based charting tool open-sourced by ZenUML. A security vulnerability exists in ZenUML prior to version 3.23.25 because Markdown text is not sanitized prior to rendering, allowing an attacker to enter a malicious payload for annotations that could lead t...