EUVD-2022-0966

Malicious code in bioql PyPI...

EUVD-2022-29603

Malicious code in bioql PyPI...

Wire cross-site scripting vulnerability (CNVD-2022-31755)

Wire is a chat program from the German company Wire. The program supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A cross-site scripting vulnerability exists in the Wire webapp, which stems fr...

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

CVE-2022-24799

CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...

Cross-site Scripting in markdown-it-highlightjs

This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. js const markdownItHighlightjs = require"markdown-it-highlightjs"; const md = require'markdown-it'; const...

Cross-Site Scripting (XSS)

markdown-it-highlightjs is vulnerable to Cross-Site Scripting XSS. An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the lang parameter in the code highlighting feature...

Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability

Valeriangalliat Markdown It Highlightjs is Valeriangalliat individual developers of a Js code base for Web page Markdown highlighting . A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...

CVE-2020-7773

This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require"markdown-it-highlightjs"; const md = require'markdown-it'; const...

CVE-2020-7773

This CVE affects the JavaScript package markdown-it-highlightjs before version 3.3.1 . The vulnerability stems from the ability to inject malicious JavaScript through the lang value used in the package’s inline code highlighting feature, enabling XSS in affected renderings (example payload shown ...

Cross-site Scripting (XSS)

Overview markdown-it-highlightjs is a Preset to use highlight.js with markdown-it. Affected versions of this package are vulnerable to Cross-site Scripting XSS. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const...

Valeriangalliat Markdown It Highlightjs 跨站脚本漏洞

Valeriangalliat Markdown It Highlightjs is Valeriangalliat individual developers of a Js code base for Web page Markdown highlighting . A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...

CherryTree Memory Corruption Vulnerability

CherryTree is a note-taking software that supports unlimited levels of categorization, written in Python, rich text editing and code highlighting support, and supports Linux and Windows platforms. A memory corruption vulnerability exists in CherryTree version 0.36.9, which can be exploited by an...

ThinkPHP the Ubb tag vulnerability to read arbitrary contents of the-vulnerability warning-the black bar safety net

Brief description: ThinkPHP the Ubb tags, there is a code highlighting function, that satisfies: xxx/c odeorp hpxxx/p hpwhen it comes to the middle of the xxx to read, and highlight, the xxx is the path, and the non-specific code, as in Figure 1,The input path, when the file exists, the return is...