Lucene search
K

277 matches found

Friends Of PHP
Friends Of PHP
added 2025/05/19 12:5 p.m.15 views

symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes

More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...

6.1CVSS7AI score0.00212EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/05/05 8:40 p.m.14 views

GHSA-3527-QV2Q-PFVX league/commonmark contains a XSS vulnerability in Attributes extension

Summary Cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. Details The league/commonmark library provides configuration options such as htmlinput:...

6.4CVSS5.2AI score0.00287EPSS
Exploits0References4
NVD
NVD
added 2025/05/05 8:15 p.m.101 views

CVE-2025-46734

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS0.00287EPSS
Exploits0References2
CVE
CVE
added 2025/05/05 7:52 p.m.87 views

CVE-2025-46734

CVE-2025-46734 affects the PHP Markdown parser league/commonmark, specifically the Attributes extension (versions 1.5.0–2.6.x). The vulnerability allows injection of dangerous HTML attributes via Markdown syntax (e.g., curly braces) that can bypass HTML sanitization settings. Version 2.7.0 mitiga...

6.4CVSS6AI score0.00287EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/05 7:52 p.m.8 views

CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS5.3AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/05 7:52 p.m.91 views

CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS0.00287EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/05/05 7:52 p.m.8 views

CVE-2025-46734

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

6.4CVSS5.3AI score0.00287EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/12/12 8:48 a.m.14 views

CVE-2024-55601

A flaw was found in the Hugo static site generator. Some HTML attributes in Markdown in the internal templates do not escape in internal render hooks. Hugo users who do not trust their Markdown content files and are using one or more of these templates are impacted; default/markup/render-link.htm...

5.4CVSS6.3AI score0.00574EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/12/11 3:48 a.m.3 views

SUSE CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.6AI score0.00574EPSS
Exploits0References4
NVD
NVD
added 2024/12/09 10:15 p.m.33 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS0.00574EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/09 9:11 p.m.34 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS0.00574EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/09 9:11 p.m.9 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.7AI score0.00574EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/12/09 9:11 p.m.15 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.5AI score0.00574EPSS
Exploits0
CVE
CVE
added 2024/12/09 9:11 p.m.91 views

CVE-2024-55601

Hugo, a static site generator, is affected in versions 0.123.0 through 0.139.3 (prior to 0.139.4). The issue: certain HTML attributes in Markdown in internal templates are not escaped in render hooks, specifically in templates _default/_markup/render-link.html (v0.123.0), _default/_markup/render-...

5.3CVSS6.2AI score0.00574EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/12/09 9:11 p.m.13 views

CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS5.8AI score0.00574EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/11/14 5:38 p.m.18 views

Remote Code Execution on click of <a> Link in markdown preview

Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...

9.6CVSS8.6AI score0.01037EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2024/11/01 6:35 a.m.4 views

Cross-site Scripting (XSS)

Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS within the Markdown class in lib/markdown2.py, which insufficiently sanitizes attribute values. An attacker can exploit this by crafting...

6.1CVSS5.3AI score
Exploits0References3
OpenVAS
OpenVAS
added 2024/10/28 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2676)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.00979EPSS
Exploits0References2
Snyk
Snyk
added 2024/10/01 3:42 p.m.3 views

Cross-site Scripting (XSS)

Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the handling of HTML element attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...

8.3CVSS5.3AI score0.00715EPSS
Exploits0References2
Veracode
Veracode
added 2024/08/30 12:49 p.m.15 views

Cross-site Scripting (XSS)

Typo3 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parsing of values assigned to HTML attributes in the frontend's typolink functionality and improper encoding of error messages in the backend's filelist module when renaming files...

6.5AI score
Exploits0
Rows per page
Query Builder