10 matches found
Silverstripe HtmlEditor embed url sanitisation
"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)
tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...
PT-2023-12189 · Cockpit · Cockpit
Name of the Vulnerable Software and Affected Versions: Cockpit versions 0.12.2 and prior Description: Cockpit is a content management system that allows addition of content management functionality to any site. In the affected versions, bad HTML sanitization in htmleditor.js may lead to cross-sit...
Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...
GHSA-WC6R-4GGC-79W5 Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...
GHSA-QW4W-VQ8V-2WCV Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
CVE-2022-37430 - Stored XSS using uppercase characters in HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37430...
CVE-2022-37429 - Stored XSS using HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37429...
SS-2015-027: HtmlEditor embed url sanitisation
More info at https://www.silverstripe.org/download/security-releases/ss-2015-027/...