9 matches found
CVE-2024-42515
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...
Cross-Site Scripting (XSS)
Glossarizer is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improperly converting encoded special characters into legitimate HTML, allowing attackers to inject a malicious XSS payload into a glossary entry...
Glossarizer Cross-site Scripting vulnerability
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...
GHSA-HHHV-GGJX-Q9J2 Glossarizer Cross-site Scripting vulnerability
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...
CVE-2024-42515
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...
CVE-2024-42515
CVE-2024-42515 affects Glossarizer (1.5.2 and earlier). The vulnerability arises when correctly escaping characters is bypassed because the underlying library converts encoded characters into real HTML, enabling stored XSS via appending a payload to a glossary entry. Affected component is Glossar...
CVE-2024-42515
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...
CVE-2024-42515
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...
npm Glossarizer security vulnerability
npm Glossarizer is a small jQuery plugin from npm USA that automatically tags glossary terms on a page. A security vulnerability exists in Glossarizer 1.5.2 and earlier versions, which stems from improper input neutralization during page generation and is vulnerable to stored cross-site scripting...