22 matches found
EUVD-2022-0966
Malicious code in bioql PyPI...
CVE-2019-12934
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljsadditionalcss parameter...
WordPress wp-code-highlightjs plugin <= 0.6.3 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin wp-code-highlightjs versions <= 0.6.3...
Malicious code in highlighjtjs (npm)
Source: ghsa-malware 89392e404d8e54d10e6ed43abbd5ba46eadb858ed9610e623f9f19c6a25761ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), asimplemde (=1.0.0) +22 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=1.1.2 <=3.3.0)
markdown-it-highlightjs NPM version =1.1.2, =3.0.0, =0.7.0, =0.2.2, =1.0.0, =1.0.0, =0.2.0, =0.1.0, =0.0.11, =1.0.0, =0.0.3, =0.6.0, =0.16.0 - norska-cloudinary =0.9.18 and more Source cves: CVE-2020-7773 Source advisory: OSV:GHSA-F246-XRRJ-G8J6...
Cross-site Scripting in markdown-it-highlightjs
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it')(); const...
GHSA-F246-XRRJ-G8J6 Cross-site Scripting in markdown-it-highlightjs
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it')(); const...
GHSA-7WWV-VH3V-89CQ ReDoS vulnerabilities: multiple grammars
Impact: Potential ReDoS vulnerabilities (exponential and polynomial RegEx backtracking). OWASP: The Regular expression Denial of Service (ReDoS) is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very...
Highlightjs Security Vulnerability
Highlightjs is a syntax highlighting tool written in JavaScript by the Highlightjs team. It is available on both browsers and servers, does not depend on any framework, and has automatic language detection. A security vulnerability exists in Highlightjs version 9.18.2 and versions prior to 10.1.2...
Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability
Valeriangalliat Markdown It Highlightjs is a JavaScript code base for highlighting Markdown on web pages, by the individual developer Valeriangalliat. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it')(); const...
CVE-2020-7773
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it')(); const...
Code injection
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it')(); const...
CVE-2020-7773 Cross-site Scripting (XSS)
This affects the package markdown-it-highlightjs before 3.3.1. It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require("markdown-it-highlightjs"); const md = require('markdown-it')(); const...
CVE-2020-7773
This CVE affects the JavaScript package markdown-it-highlightjs before version 3.3.1. The vulnerability stems from the ability to inject malicious JavaScript through the lang value used in the package’s inline code highlighting feature, enabling XSS in affected renderings (example payload shown ...
Cross-site Scripting (XSS)
Overview: markdown-it-highlightjs is a preset to use highlight.js with markdown-it. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const...
@wulechuan/generate-html-via-markdown (>=3.0.0 <=3.0.1), norska (>=0.6.0 <=0.16.0) +3 more potentially affected by CVE-2020-7773 via markdown-it-highlightjs (>=3.0.0 <=3.3.0)
markdown-it-highlightjs NPM version =3.0.0, =3.0.0, =0.6.0, =0.6.0, =0.2.2, =0.2.4 Source cves: CVE-2020-7773 Source advisory: SNYK:JS-MARKDOWNITHIGHLIGHTJS-1040461...
Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability
Valeriangalliat Markdown It Highlightjs is a JavaScript code base for highlighting Markdown on web pages, by the individual developer Valeriangalliat. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...
WordPress wp-code-highlightjs plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. The wp-code-highlightjs plugin is a highlighting plugin used with it. A cross-site request forgery vulnerability exists in WordPre...
CVE-2019-12934
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljsadditionalcss parameter...