Lucene search
K

126 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2019-6784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2...

6.1CVSS6.7AI score0.01055EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/19 8:16 p.m.6 views

Mermaid improperly sanitizes sequence diagram labels leading to XSS

Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...

5.3CVSS6.1AI score0.0071EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/19 8:16 p.m.2 views

GHSA-7RQQ-PRVP-X9JH Mermaid improperly sanitizes sequence diagram labels leading to XSS

Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...

5.3CVSS5.9AI score0.0071EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/06/19 12:0 a.m.4 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : KaTeX vulnerabilities (USN-7572-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7572-1 advisory. Juho Forsn discovered that KaTeX did not correctly handle certain inputs, which could lead to an infinite loop. If a user or...

7.2CVSS6.6AI score0.01414EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2025/06/17 12:46 a.m.4 views

USN-7572-1: KaTeX vulnerabilities

Juho Forsén discovered that KaTeX did not correctly handle certain inputs, which could lead to an infinite loop. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22....

7.2CVSS6.5AI score0.01414EPSS
Exploits0
OSV
OSV
added 2025/06/17 12:46 a.m.2 views

USN-7572-1 node-katex vulnerabilities

Juho Forsén discovered that KaTeX did not correctly handle certain inputs, which could lead to an infinite loop. If a user or application were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22....

7.2CVSS6.7AI score0.01414EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:13 a.m.9 views

CVE-2024-53930

WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\, which is mishandled by a KaTeX parser...

5.4CVSS5.7AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 a.m.9 views

CVE-2019-6784

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

6.1CVSS5.7AI score0.01055EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-28243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...

6.5CVSS6.4AI score0.01414EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...

6.5CVSS6.7AI score0.02155EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain...

5.5CVSS5.7AI score0.00406EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-28245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using...

6.3CVSS6.4AI score0.00406EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/01/28 12:0 a.m.7 views

The vulnerability of the `renderToString()` function in the JavaScript library for rendering mathematical expressions in KaTeX allows a hacker to execute arbitrary code.

The vulnerability of the renderToString function in the JavaScript library for rendering mathematical expressions in KaTeX is related to incorrect encoding or escaping of output data when processing the \htmlData parameter. Exploiting this vulnerability may allow a remote attacker to execute...

6.5CVSS7AI score0.00381EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/01/24 4:33 a.m.13 views

Cross-Site Scripting (XSS)

KateX is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing for the execution of arbitrary JavaScrip...

7.2CVSS6.4AI score0.00381EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/01/18 1:20 a.m.12 views

CVE-2025-23207

A flaw was found in the KaTeX library. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript or generate invalid HTML. Mitigation Users unable to upgrade should turn off the trust option or set ...

6.3CVSS6.1AI score0.00381EPSS
Exploits0References5
NVD
NVD
added 2025/01/17 10:15 p.m.25 views

CVE-2025-23207

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

7.2CVSS0.00381EPSS
Exploits0References2
OSV
OSV
added 2025/01/17 10:15 p.m.4 views

DEBIAN-CVE-2025-23207

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

7.2CVSS6.6AI score0.00381EPSS
Exploits0References1
OSV
OSV
added 2025/01/17 10:15 p.m.1 views

UBUNTU-CVE-2025-23207

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

7.2CVSS6.7AI score0.00381EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/01/17 9:25 p.m.17 views

CVE-2025-23207 \htmlData does not validate attribute names in KaTeX

KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade t...

6.3CVSS0.00381EPSS
Exploits0References2
CVE
CVE
added 2025/01/17 9:25 p.m.71 views

CVE-2025-23207

CVE-2025-23207 affects KaTeX, a JavaScript library for web math rendering. The vulnerability arises when untrusted expressions are rendered via renderToString, where malicious input using \htmlData can execute arbitrary JavaScript or produce invalid HTML. The public advisories recommend upgrading...

7.2CVSS6.4AI score0.00381EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder