11 matches found
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
EUVD-2026-39642
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2026-6658
The CVE-2026-6658 issue affects jupyter/nbconvert versions <= 7.17.0. The vulnerability arises because the data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling Cross-site Scripting (XSS) by breaking out of the...
CVE-2026-54326 Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...
CVE-2026-54326
Pi HTML exports in Pi (pi-coding-agent) from versions 0.74.0–0.78.0 do not consistently reject unsafe Markdown link and image URL schemes, with C0 control characters in the URL scheme able to bypass checks. This can lead to a Cross-Site Scripting (XSS) risk in the exported static HTML if untruste...
Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
Potential XSS in HTML session exports via Markdown URL handling Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme cou...
PT-2026-50182
Name of the Vulnerable Software and Affected Versions @mariozechner/pi-coding-agent versions 0.27.5 through 0.73.1 @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 Description Pi HTML exports render session Markdown into a static HTML file but fail to consistently reject unsafe...
EUVD-2009-1839
Malware in sbrugna...
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections
Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...
Moodle 跨站脚本漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle that stems from insufficient harmless handling of user-supplied input when...
CVE-2009-1844
Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow 1 remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the...