Lucene search
K

52 matches found

CVE
CVE
added 2025/10/03 6:27 a.m.11 views

CVE-2025-61599

CVE-2025-61599 affects EMLOG Pro 2.5.21 and earlier. A stored XSS vulnerability exists in the Twitter feature where an authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the server and executes in the browser of any user (including a...

5.4CVSS5.2AI score0.00189EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/10/03 6:27 a.m.13 views

CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.1CVSS0.00189EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-26409

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A DOS vulnerability exists in Gitlab CE/EE =10.3, =13.5, =13.6, =10.3, =13.5, =13.6, 13.6.2 that allows an attacker to trigger uncontrolled resource by bypassin...

6.5CVSS6.4AI score0.01244EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-6785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service...

6.5CVSS6.8AI score0.01255EPSS
Exploits1References2
OSV
OSV
added 2025/05/23 3:15 p.m.7 views

CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

7.5CVSS6.5AI score0.00493EPSS
Exploits1References4
CVE
CVE
added 2025/05/23 2:53 p.m.57 views

CVE-2018-25110

CVE-2018-25110 affects the markedjs/marked parser. The vulnerability stems from catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links, allowing a Regular Expression Denial of Service (ReDoS) via crafted markdown input (e.g., deeply nested or repeti...

7.5CVSS6.3AI score0.00493EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2025/05/23 2:53 p.m.9 views

CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

7.5CVSS5.5AI score0.00493EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.9 views

PT-2025-22799 · Marked · Marked

Name of the Vulnerable Software and Affected Versions: Marked versions prior to 0.3.17 Description: The issue is related to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacke...

6.9CVSS6AI score0.00493EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.4 views

CVE-2020-26409

A DOS vulnerability exists in Gitlab CE/EE =10.3, =13.5, =13.6, 13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields...

6.5CVSS6.6AI score0.01244EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:48 a.m.7 views

CVE-2019-6278

XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option...

5.4CVSS6.3AI score0.00506EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:47 a.m.10 views

CVE-2019-6785

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service...

6.5CVSS6.4AI score0.01255EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:11 a.m.6 views

CVE-2019-15584

A denial of service exists in gitlab...

6.5CVSS6.6AI score0.01198EPSS
Exploits1References1
OSV
OSV
added 2023/09/22 10:4 p.m.19 views

GO-2023-2074 Parser out-of-bounds read caused by a malformed markdown input in github.com/gomarkdown/markdown

Parser out-of-bounds read caused by a malformed markdown input in github.com/gomarkdown/markdown...

7.5CVSS7.2AI score0.01042EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.4 views

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from the US-based company Mattermost. Mattermost suffers from a security vulnerability that stems from allowing an attacker to crash the server via specially crafted markdown input...

6.5CVSS6.5AI score0.00504EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.4 views

PT-2023-25387 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to improper validation of markdown input, which allows an attacker to crash the server using a specially crafted markdown input. There is no information provided abo...

6.5CVSS6.3AI score0.00504EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.8 views

SUSE CVE-2020-8031

A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...

6.3CVSS5.5AI score0.00748EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.6 views

Snipe-IT 跨站脚本漏洞

Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to v6.0.11, which originates from a user with Super Administrator privileges being able to implement cross-site scripting via a Markdown Input field...

5.9CVSS6AI score0.00595EPSS
Exploits1References3
Huntr
Huntr
added 2022/08/28 4:44 p.m.21 views

Stored Cross-Site Scripting (XSS)

Description Input fields allowing Markdown Input are vulnerable to XSS. This requires Superadmin permissions though. Proof of Concept Steps to reproduce: 1. Log in to the admin account 2. Go to Admin - General Settings 3. Enter the Payload in the Login Note and Dashboard Message fields. 4. Go to...

4.3CVSS1.4AI score0.00595EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/07/02 8:15 p.m.3 views

CVE-2022-34913

md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input...

9.8CVSS6.2AI score0.02684EPSS
Exploits1References2
Prion
Prion
added 2022/02/24 3:15 p.m.17 views

Cross site scripting

A Cross Site Scripting XSS vulnerability exists in RosarioSIS before 7.6.1 via the xssclean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields...

3.5CVSS5.3AI score0.00718EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder