10 matches found
Cross-site Scripting (XSS)
@tiptap/extension-link is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unsanitized user input in link-setting functionality, allowing attackers to inject javascript: URLs that execute arbitrary JavaScript when interacted with...
GHSA-VHRC-HGRQ-X75R @tiptap/extension-link vulnerable to Cross-site Scripting (XSS)
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...
@10play/tentap-editor (>=0.5.27 <=0.7.5-alpha.0), @adminjs/design-system (>=3.0.0 <=4.0.3) +126 more potentially affected by CVE-2025-14284 via @tiptap/extension-link (>=2.0.0-beta.18 <=2.10.3)
@tiptap/extension-link NPM version =2.0.0-beta.18, =0.5.27, =3.0.0, =0.4.1, =3.0.0-alpha.1, =0.0.1, =0.2.1, =0.2.0, =0.1.0, =0.28.0, =3.4.0, =1.2.0, =0.0.3, =0.4.1 and more Source cves: CVE-2025-14284 Source advisory: OSV:GHSA-VHRC-HGRQ-X75R...
@tiptap/extension-link vulnerable to Cross-site Scripting (XSS)
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...
CVE-2025-14284
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...
CVE-2025-14284
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...
CVE-2025-14284
Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting XSS due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by injecting a javascript: URL payload in...
PT-2025-49800
Name of the Vulnerable Software and Affected Versions @tiptap/extension-link versions prior to 2.10.4 Description The @tiptap/extension-link package is susceptible to Cross-site Scripting XSS because of unsanitized user input when setting or toggling links. An attacker can inject a javascript: UR...
CVE-2025-61102
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the showvtyextlinkadjsid function at ospfext.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted OSPF packet...
@10play/tentap-editor (>=0.5.27 <=0.7.5-alpha.0), @adminjs/design-system (>=3.0.0 <=4.0.3) +126 more potentially affected by CVE-2025-14284 via @tiptap/extension-link (>=2.0.0-beta.18 <=2.10.3)
@tiptap/extension-link NPM version =2.0.0-beta.18, =0.5.27, =3.0.0, =0.4.1, =3.0.0-alpha.1, =0.0.1, =0.2.1, =0.2.0, =0.1.0, =0.28.0, =3.4.0, =1.2.0, =0.0.3, =0.4.1 and more Source cves: CVE-2025-14284 Source advisory: SNYK:JS-TIPTAPEXTENSIONLINK-14222197...