TinaCMS 安全漏洞

TinaCMS is an open-source headless CMS developed by Tina for Markdown, MDX, and JSON formats. Versions of TinaCMS prior to 2.2.2 contained a security vulnerability. This vulnerability stemmed from string-based path validation in FilesystemBridge, which allowed operations on files outside of the...

Djena_Bertrand

Description This the writeup on the challenges we solved duri...

EUVD-2020-29162

Malware in sbrugna...

MAL-2025-30742 Malicious code in prompts-auth-oauth-markdown-pdf (npm)

The package prompts-auth-oauth-markdown-pdf was found to contain malicious code...

Llms.txt File Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible 'llms.txt' file on the target application. The 'llms.txt' file is a proposal designed to provide LLM-friendly content written in markdown for LLMs usage. This detection is included in the AI and...

CVE-2020-8294

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format...

SUSE CVE-2025-3512

There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be unaffected, and the fix ...

SUSE CVE-2020-8294

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format...

CVE-2020-8294

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format...

Zonetti Zonote Cross-Site Scripting Vulnerability

Zonetti Zonote is Zonetti individual developers of a Javascript-based language development for the provision of Markdown format note-taking capabilities . A cross-site scripting vulnerability exists in zonote version 0.4.0 and prior versions, which allows remote code execution as the node...

Vanilla: Stored XSS in vanilla

Summary: There is a stored XSS in the latest version 2.6.4 of vanilla. Attack with post privileges can trigger this. Description: This is a feature that user can post content in markdown format. And the content and format type is inserted into database without check the format param. So attack ca...

Arachni Web Application Scanner Web UI - Stored XSS Vulnerability

Exploit for multiple platform in category web applications Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference:...