CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...

6.9CVSS5.9AI score0.00751EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:29 p.m.•1 views

CVE-2022-1112

The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack...

5.4CVSS5.7AI score0.00085EPSS

Exploits1References1

NVD•added 2024/12/06 10:15 p.m.•14 views

CVE-2024-54138

6.9CVSS0.00751EPSS

Exploits0References2

Cvelist•added 2024/12/06 9:56 p.m.•20 views

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

6.9CVSS0.00751EPSS

Exploits0References2

Vulnrichment•added 2024/12/06 9:56 p.m.•12 views

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

6.9CVSS6.1AI score0.00751EPSS

Exploits0References2

CVE•added 2024/12/06 9:56 p.m.•48 views

CVE-2024-54138

CVE-2024-54138 describes an XSS vulnerability in NuGet Gallery’s Markdown autolinks handling. The issue stems from inadequate sanitization of autolinks (JavaScript in standard links is filtered, but autolinks aren’t), enabling potential cross-site scripting. The vulnerability has been fixed in ve...

6.9CVSS5.6AI score0.00751EPSS

Exploits0References2Affected Software1

OSV•added 2024/12/06 9:56 p.m.•2 views

CVE-2024-54138 XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing

6.9CVSS5.9AI score0.00751EPSS

Exploits0References4

Positive Technologies•added 2024/12/06 12:0 a.m.•2 views

PT-2024-36066 · Microsoft · Nuget Gallery

Name of the Vulnerable Software and Affected Versions: NuGet Gallery versions prior to 2024.12.06 Description: The NuGet Gallery has a security issue related to its handling of autolinks in Markdown content. Although the platform properly filters out JavaScript from standard links, it does not...

6.9CVSS6.3AI score0.00751EPSS

Exploits0References6

Cvelist•added 2024/06/12 2:27 p.m.•21 views

CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting

6.1CVSS0.00498EPSS

Exploits0References3

OSV•added 2024/06/12 2:27 p.m.•13 views

CVE-2024-37304 NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting

6.1CVSS5.6AI score0.00498EPSS

Exploits0References5

CVE•added 2024/06/12 2:27 p.m.•41 views

CVE-2024-37304

CVE-2024-37304 concerns NuGetGallery, the NuGet.org frontend/back-end, where Markdown autolinks were not properly sanitized. The vulnerability allows XSS via autolinks such as , since autolinks can be rendered with insufficient sanitization despite standard JavaScript link filtering. A patch was ...

6.1CVSS6AI score0.00498EPSS

Exploits0References3Affected Software1

OSV•added 2023/11/13 1:15 a.m.•0 views

CVE-2023-46625

Cross-Site Request Forgery CSRF vulnerability in DAEXT Autolinks Manager plugin = 1.10.04 versions...

8.8CVSS7.3AI score

Exploits0References1

NVD•added 2023/11/13 1:15 a.m.•15 views

CVE-2023-46625

Cross-Site Request Forgery CSRF vulnerability in DAEXT Autolinks Manager plugin = 1.10.04 versions...

8.8CVSS0.00074EPSS

Exploits0References1