13 matches found
EUVD-2025-7347
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
ContentTools is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the onload argument in the Image Handler component, allowing an attacker to exploit it...
CVE-2025-2699
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
Cross-site Scripting (XSS)
Overview: org.webjars.bower:ContentTools is a JS library for building WYSIWYG editors for HTML content. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the onload attribute in img that allows attackers to inject malicious JavaScript code. Details: Cross-site...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:ContentTools is a JS library for building WYSIWYG editors for HTML content. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the onload attribute in img that allows attackers to inject malicious JavaScript code. Details: Cross-site scripti...
GetmeUK ContentTools Cross-Site Scripting (XSS)
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
GHSA-4F2V-2GPQ-QHJG GetmeUK ContentTools Cross-Site Scripting (XSS)
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-2699
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-2699
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-2699 GetmeUK ContentTools Image cross site scripting
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-2699 GetmeUK ContentTools Image cross site scripting
A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-2699
CVE-2025-2699 affects GetmeUK ContentTools (up to version 1.6.16). The root cause is a cross-site scripting (XSS) vulnerability in the Image Handler component triggered by manipulation of the onload argument, allowing remote exploitation. Public exploit information exists. Affected environments a...
ContentTools Code Injection Vulnerability
ContentTools is an open-source JS library from getme for building WYSIWYG editors for HTML content. A code injection vulnerability exists in ContentTools 1.6.16 and earlier versions, which stems from a cross-site scripting attack and could lead to a remote attack...