Lucene search
K

4 matches found

OSV
OSV
added 2025/11/10 9:37 p.m.5 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.7AI score0.00216EPSS
Exploits0References4
NVD
NVD
added 2025/08/21 4:15 p.m.8 views

CVE-2025-55744

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery CSRF. This vulnerability is fixed in 0.2.1...

8.2CVSS0.00143EPSS
Exploits1References2
OSV
OSV
added 2025/08/21 3:51 p.m.4 views

CVE-2025-55744 UnoPim vulnerable to CSRF on Product edit feature and creation of other types

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery CSRF. This vulnerability is fixed in 0.2.1...

8.2CVSS6.6AI score0.00143EPSS
Exploits1References4
OSV
OSV
added 2020/05/28 7:15 p.m.15 views

CVE-2020-11079

node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...

9.8CVSS9.9AI score
Exploits0References2
Rows per page
Query Builder