Lucene search
K

6 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-55596

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-55596 Plate: Media embed provider metadata can bypass URL sanitization and execute iframe JavaScript

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-55596

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS6AI score0.00241EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56579

Name of the Vulnerable Software and Affected Versions Plate versions 53.0.0 through 53.1.3 Description The media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted document to specify a known video...

8.7CVSS6.1AI score0.00241EPSS
Exploits0References8
Prion
Prion
added 2019/03/12 8:29 p.m.11 views

Cross site scripting

Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting XSS via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...

4.3CVSS6AI score0.00986EPSS
Exploits2References1Affected Software1
Exploit DB
Exploit DB
added 2002/05/15 12:0 a.m.23 views

Opera 5.12/6.0 - Frame Location Same Origin Policy Circumvention

source: https://www.securityfocus.com/bid/4745/info Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser. It is possible to bypass the same...

7.4AI score
Exploits0
Rows per page
Query Builder