277 matches found
symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes
More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...
GHSA-3527-QV2Q-PFVX league/commonmark contains a XSS vulnerability in Attributes extension
Summary Cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. Details The league/commonmark library provides configuration options such as htmlinput:...
CVE-2025-46734
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734
CVE-2025-46734 affects the PHP Markdown parser league/commonmark, specifically the Attributes extension (versions 1.5.0–2.6.x). The vulnerability allows injection of dangerous HTML attributes via Markdown syntax (e.g., curly braces) that can bypass HTML sanitization settings. Version 2.7.0 mitiga...
CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46734
league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2024-55601
A flaw was found in the Hugo static site generator. Some HTML attributes in Markdown in the internal templates do not escape in internal render hooks. Hugo users who do not trust their Markdown content files and are using one or more of these templates are impacted; default/markup/render-link.htm...
SUSE CVE-2024-55601
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
CVE-2024-55601
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
CVE-2024-55601 Hugo does not escape some attributes in internal templates
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
CVE-2024-55601 Hugo does not escape some attributes in internal templates
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
CVE-2024-55601
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
CVE-2024-55601
Hugo, a static site generator, is affected in versions 0.123.0 through 0.139.3 (prior to 0.139.4). The issue: certain HTML attributes in Markdown in internal templates are not escaped in render hooks, specifically in templates _default/_markup/render-link.html (v0.123.0), _default/_markup/render-...
CVE-2024-55601
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...
Remote Code Execution on click of <a> Link in markdown preview
Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...
Cross-site Scripting (XSS)
Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS within the Markdown class in lib/markdown2.py, which insufficiently sanitizes attribute values. An attacker can exploit this by crafting...
Huawei EulerOS: Security Advisory for python-jinja2 (EulerOS-SA-2024-2676)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross-site Scripting (XSS)
Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the handling of HTML element attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...
Cross-site Scripting (XSS)
Typo3 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parsing of values assigned to HTML attributes in the frontend's typolink functionality and improper encoding of error messages in the backend's filelist module when renaming files...