Lucene search
K

11 matches found

NVD
NVD
added 2026/06/26 10:16 a.m.8 views

CVE-2026-6658

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 9:40 a.m.8 views

EUVD-2026-39642

A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 9:40 a.m.10 views

CVE-2026-6658

The CVE-2026-6658 issue affects jupyter/nbconvert versions <= 7.17.0. The vulnerability arises because the data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling Cross-site Scripting (XSS) by breaking out of the...

5.4CVSS6.3AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 7:26 p.m.45 views

CVE-2026-54326 Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...

2.5CVSS0.00132EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:26 p.m.28 views

CVE-2026-54326

Pi HTML exports in Pi (pi-coding-agent) from versions 0.74.0–0.78.0 do not consistently reject unsafe Markdown link and image URL schemes, with C0 control characters in the URL scheme able to bypass checks. This can lead to a Cross-Site Scripting (XSS) risk in the exported static HTML if untruste...

2.5CVSS5.8AI score0.00132EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/16 11:43 p.m.8 views

Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Potential XSS in HTML session exports via Markdown URL handling Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme cou...

2.5CVSS5.2AI score0.00132EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50182

Name of the Vulnerable Software and Affected Versions @mariozechner/pi-coding-agent versions 0.27.5 through 0.73.1 @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 Description Pi HTML exports render session Markdown into a static HTML file but fail to consistently reject unsafe...

2.5CVSS5.9AI score0.00132EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-1839

Malware in sbrugna...

3.5CVSS6.3AI score0.00856EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/11 2:46 p.m.9 views

Regex literal in Hurl files are not escaped when exported to HTML, allowing injections

Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...

7.2AI score
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.4 views

Moodle 跨站脚本漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle that stems from insufficient harmless handling of user-supplied input when...

4.8CVSS6.3AI score0.0053EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2009/06/01 2:30 p.m.43 views

CVE-2009-1844

Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow 1 remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the...

3.5CVSS5.9AI score0.00856EPSS
Exploits0References2
Rows per page
Query Builder