2 matches found
Incomplete List of Disallowed Inputs
Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs due to a LaTeX blocklist bypass in the LaTeX processing functionality. The LaTeX module fails to enforce its blocklist properly, allowing specially crafted malicious flashcards to create arbitrary...
A vulnerability in the MathLive formula editor, related to the lack of measures taken to protect the structure of web pages, allows attackers to perform cross-site scripting attacks.
The vulnerability in MathLive’s formula editor is related to the lack of measures taken to protect the structure of web pages when processing LaTeX expressions with the \htmlData attribute. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...