4 matches found

CVE
added 2025/09/04 11:10 a.m., 7 views

CVE-2025-41040

CVE-2025-41040 : appRain CMF 4.0.5 contains a stored authenticated XSS in /apprain/developer/language/lipsum.xml via unsanitized data[code], data[lang][0][key/value], data[lang][1][key], and data[title]. Root cause: improper validation of user input. Impact: cookie-based credential theft potentia...

CVSS 5.4 | AI score 5.7 | EPSS 0.0004
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2020/11/17 12:0 a.m., 2 views

Valeriangalliat Markdown It Highlightjs Cross-Site Scripting Vulnerability

Valeriangalliat Markdown It Highlightjs is a JavaScript code library for Markdown highlighting on web pages, developed by the individual developer Valeriangalliat. A cross-site scripting vulnerability exists in markdown-it-highlightjs versions prior to 3.3.1, which stems from the ability to insert malicious JavaScript as th...

CVSS 6.5 | AI score 6.3 | EPSS 0.00367
Exploits: 1 | References: 1
Snyk
added 2020/11/16 11:33 a.m., 2 views

Cross-site Scripting (XSS)

Overview: markdown-it-highlightjs is a preset to use highlight.js with markdown-it. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible to insert malicious JavaScript as a value of lang in the markdown-it-highlightjs inline code highlighting feature. const...

CVSS 6.5 | AI score 5.3 | EPSS 0.00367
Exploits: 1 | References: 2
Cvelist
added 2005/12/05 11:0 a.m., 9 views

CVE-2005-4017

property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...

AI score 6.6 | EPSS 0.00391
Exploits: 0 | References: 3