16 matches found
EUVD-2020-19700
Malware in sbrugna...
CVE-2020-27176
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...
Cross Site Scripting(XSS)
summernote is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient input validation and sanitization of user-provided content, allowing malicious scripts to be executed within the context of the application when viewed in code mode...
CVE-2023-51246
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
Cross site scripting
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
CVE-2023-51246
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
CVE-2023-51246
A Cross Site Scripting XSS vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page...
PT-2024-14078 · Unknown · Getsimple Cms
Name of the Vulnerable Software and Affected Versions: GetSimple CMS version 3.3.16 Description: A Cross Site Scripting XSS issue exists when using Source Code Mode as a backend user to add articles via the "/admin/edit.php" page. Recommendations: For GetSimple CMS version 3.3.16, consider...
CVE-2023-51246
CVE-2023-51246 concerns GetSimple CMS 3.3.16 where an XSS exists when a backend user adds articles via /admin/edit.php with Source Code Mode active. The root cause is inadequate filtering/escaping of user-supplied data during article creation, leading to arbitrary script execution. Affected produ...
Cross-Site Scripting in CKEditor4 WordCount Plugin
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...
CVE-2023-37905 Cross-site Scripting (XSS) in Source Mode of Editor in ckeditor-wordcount-plugin
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the...
Cross-site Scripting (XSS)
ckeditor-wordcount-plugin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the strip function at plugin.js when switching to the source code mode which allows an attacker to inject and execute arbitrary javascript...
CVE-2020-27176
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...
CVE-2020-27176
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...
Design/Logic Flaw
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...
CVE-2020-27176
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...