Lucene search
K

9 matches found

NVD
NVD
added 2026/05/15 7:16 p.m.11 views

CVE-2021-47963

Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...

7.2CVSS0.00469EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 6:36 p.m.18 views

CVE-2021-47963

CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...

7.2CVSS6.5AI score0.00469EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-35510

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00425EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-43572

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00416EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2022-5772

Malicious code in bioql PyPI...

9.3CVSS7.6AI score0.01205EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-33631

Malicious code in bioql PyPI...

8.2CVSS7AI score0.00333EPSS
Exploits1References2
OSV
OSV
added 2025/09/02 5:15 p.m.5 views

CVE-2025-55474

Many Notes 0.10.1 is vulnerable to Cross Site Scripting XSS, which allows malicious Markdown files to execute JavaScript when viewed...

6.1CVSS6.8AI score
Exploits0References3
NVD
NVD
added 2021/11/04 9:15 p.m.12 views

CVE-2021-42057

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...

9.3CVSS0.01205EPSS
Exploits1References1
Node.js
Node.js
added 2019/04/10 1:51 p.m.15 views

Cross-Site Scripting

Overview All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation No fix is currently available...

6.7AI score
Exploits0Affected Software1
Rows per page
Query Builder