30 matches found
CVE-2021-47963
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...
CVE-2021-47963
CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...
Cross-site Scripting (XSS)
Overview: @diplodoc/search-extension is a Lunr-based offline search extension for the Diplodoc platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the title field of Markdown files. An attacker can execute arbitrary scripts in the context of the user's browser by...
Cross-site Scripting (XSS)
Overview: nicegui is described as "Create web-based user interfaces with Python. The nice way." Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ui.markdown function. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious HTM...
CVE-2025-65959 Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing...
EUVD-2023-33820
Malicious code in bioql PyPI...
EUVD-2023-35510
Malicious code in bioql PyPI...
EUVD-2022-5772
Malicious code in bioql PyPI...
EUVD-2022-7076
Malicious code in bioql PyPI...
EUVD-2022-43572
Malicious code in bioql PyPI...
EUVD-2023-33631
Malicious code in bioql PyPI...
CVE-2025-55474
Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed...
CVE-2023-2316
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...
CVE-2023-2971
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
SUSE CVE-2024-22420
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the...
PT-2024-19411 · Unknown · Jupyterlab
Name of the Vulnerable Software and Affected Versions: JupyterLab versions prior to 4.0.11
Description: This issue depends on user interaction by opening a malicious Markdown file using JupyterLab's preview feature. A malicious user can access any data that the attacked user has access to and...
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
PT-2023-18866 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.6.7
Description: The issue is related to improper path handling, which allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This can be exploited if a user...