9 matches found
CVE-2021-47963
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. Attackers can craft malicious markdown files with embedded JavaScript that executes system commands...
CVE-2021-47963
CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...
EUVD-2023-35510
Malicious code in bioql PyPI...
EUVD-2022-43572
Malicious code in bioql PyPI...
EUVD-2022-5772
Malicious code in bioql PyPI...
EUVD-2023-33631
Malicious code in bioql PyPI...
CVE-2025-55474
Many Notes 0.10.1 is vulnerable to Cross Site Scripting XSS, which allows malicious Markdown files to execute JavaScript when viewed...
CVE-2021-42057
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...
Cross-Site Scripting
Overview All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation No fix is currently available...