7 matches found
EUVD-2024-2743
Malicious code in bioql PyPI...
CVE-2024-47061
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
Cross-site Scripting (XSS)
@udecode/plate-core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of custom DOM attributes passed through the attributes property, allowing attackers to inject malicious code via attributes like href and src, or to expose users' IP addresses by causing...
CVE-2024-47061
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-47061
The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
Impact One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...