6 matches found
EUVD-2024-2602
Malicious code in bioql PyPI...
CVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
GHSA-HVCF-6324-CJH7 Persistent Cross-site Scripting in Ibexa RichText Field Type
Impact: The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content are required to exploit this vulnerability, which...
Wagtail Cross-Site Scripting Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Wagtail that stems from the fact that Wagtail does not apply server-side checks to ensure that the link URL uses a valid protocol...
Content Injection in remarkable
Versions 1.4.0 and earlier of remarkable are affected by a cross-site scripting vulnerability. This occurs because vulnerable versions of remarkable did not properly whitelist link protocols, and consequently allowed javascript: to be used. Proof of Concept Markdown Source: link Rendered HTML: li...