2 matches found
CVE-2026-48591
Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':makeatt1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal " bytes: ...
CVE-2024-3901
The WordPress Genesis Blocks plugin (versions 3.1.3 and earlier) is affected by a stored XSS vulnerability in which attributes passed to certain custom blocks are not properly escaped. This can allow users with post-writing permissions (e.g., Contributor) to inject malicious scripts that persist ...