Lucene search
+L

6 matches found

CVE
CVE
added 2026/06/29 7:10 p.m.18 views

CVE-2026-54889

Summary: CVE-2026-54889 security issue in Elixir.MDEx.mdex Delta conversion path allows XSS via unsanitized URL schemes in Quill Delta output. The vulnerability arises when Elixir.MDEx.DeltaConverter.default_convert_node/3 copies the URL from link, wikilink, or image nodes into the Delta attribut...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.27 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:50 p.m.5 views

EEF-CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Summary Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: \full\info\string: true\ ar...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 6:50 p.m.10 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/07/18 4:59 p.m.58 views

CVE-2022-24724

cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing table.c:rowfromstring may lead to heap memory corruption when parsing tables who's marker rows contain mor...

9.8CVSS4.2AI score0.04192EPSS
Exploits3References3
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.4 views

showdoc 跨站脚本漏洞

showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .md file extensions in the application's file upload feature. An attacker could use this vulnerability to...

7.1CVSS5.8AI score0.00725EPSS
Exploits1References4
Rows per page
Query Builder