Paperclip: Stored XSS via javascript: URLs in MarkdownBody — urlTransform override disables react-markdown sanitization
Summary

MarkdownBody, the shared component used to render every Markdown surface in the Paperclip UI (issue documents, issue comments, chat threads, approvals, agent details, export previews, etc.), passes urlTransform={(url) => url} to react-markdown. That override replaces react-markdown's built-in...
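The effect of an identity urlTransform, next to an allowlist-based replacement, as an added example that is not Paperclip's or react-markdown's code. The function names, the scheme allowlist and the sample hrefs are assumptions constructed for illustration.

```javascript
// Added example: not Paperclip's or react-markdown's code.
// Assumed allowlist of schemes a rendered link or image may use.
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

// The override described above: every URL passes through unchanged.
const identityTransform = (url) => url;

// Hardened replacement: keep relative URLs and allowlisted schemes, drop the rest.
function safeUrlTransform(url) {
  // Browsers remove tab/CR/LF from a URL and ignore leading control
  // characters and spaces before reading the scheme, so normalise the
  // same way before deciding.
  const cleaned = String(url)
    .replace(/[\t\r\n]/g, "")
    .replace(/^[\u0000-\u0020]+/, "");
  const colon = cleaned.indexOf(":");
  const firstDelim = cleaned.search(/[/?#]/);
  // No colon, or the colon comes after a path/query/fragment delimiter: relative URL.
  if (colon === -1 || (firstDelim !== -1 && firstDelim < colon)) return cleaned;
  const scheme = cleaned.slice(0, colon).toLowerCase();
  return SAFE_SCHEMES.has(scheme) ? cleaned : "";
}

// Constructed sample hrefs, as they might appear in stored Markdown.
const SAMPLES = [
  "https://example.com/docs",
  "/issues/42#comment-7",
  "mailto:ops@example.com",
  "javascript:alert(document.domain)",
  "JaVaScRiPt:alert(1)",
  " java\tscript:alert(1)",
  "data:text/html,<script>alert(1)</script>",
];

// Run both transforms over the samples so the difference is visible side by side.
function compare(samples) {
  return samples.map((href) => ({
    href,
    identity: identityTransform(href),
    hardened: safeUrlTransform(href),
  }));
}

console.table(compare(SAMPLES));
```

An empty string in the hardened column means the href would be rendered without a navigable target; the identity column shows the same value reaching the DOM untouched.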