11 matches found
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-11621 Dcat-Admin User Setting upload editorMDUpload unrestricted upload
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
dcat-admin 访问控制错误漏洞
dcat-admin is a backend system building tool based on Laravel, developed by Jiang Qinghua. Versions of Dcat-Admin 2.2.3-beta and earlier contain an access control vulnerability. This vulnerability stems from the editorMDUpload function in /admin/dcat-api/editor-md/upload, which allows unlimited...
WordPress plugin WP Editor.md – The Perfect WordPress Markdown Editor 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP Editor.md - A cross-site scripting...
PT-2023-22350 · Pandao · Editor.Md
Name of the Vulnerable Software and Affected Versions: pandao editor.md versions 1.5.0 and earlier Description: The issue allows attackers to inject arbitrary web script or HTML via crafted markdown text, which can lead to Cross Site Scripting XSS attacks. This enables attackers to execute...
editor.md 跨站脚本漏洞
Editor.md is an open source embedded online Markdown a markup language editor. A security vulnerability exists in pandao editor.md version 1.5.0 and earlier, which stems from a cross-site scripting XSS vulnerability that allows attackers to inject arbitrary Web script or HTML...
GHSA-X65C-4FGJ-5FC3 Cross-site Scripting in pandao
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element...
@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2019-9737 via editor.md (=1.5.0)
editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2019-9737 Source advisory:...
@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-19056 via editor.md (=1.5.0)
editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-19056 Source advisory:...