52 matches found
CVE-2025-61599
CVE-2025-61599 affects EMLOG Pro 2.5.21 and earlier. A stored XSS vulnerability exists in the Twitter feature where an authenticated user with posting privileges can inject arbitrary JavaScript code. The malicious script is stored on the server and executes in the browser of any user (including a...
CVE-2025-61599 Emlog is Vulnerable to Stored Cross-Site Scripting (XSS) in "Twitter" Feature via Markdown Input
Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...
Linux Distros Unpatched Vulnerability : CVE-2020-26409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A DOS vulnerability exists in Gitlab CE/EE =10.3, =13.5, =13.6, =10.3, =13.5, =13.6, 13.6.2 that allows an attacker to trigger uncontrolled resource by bypassin...
Linux Distros Unpatched Vulnerability : CVE-2019-6785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service...
CVE-2018-25110
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...
CVE-2018-25110
CVE-2018-25110 affects the markedjs/marked parser. The vulnerability stems from catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links, allowing a Regular Expression Denial of Service (ReDoS) via crafted markdown input (e.g., deeply nested or repeti...
CVE-2018-25110
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...
PT-2025-22799 · Marked · Marked
Name of the Vulnerable Software and Affected Versions: Marked versions prior to 0.3.17 Description: The issue is related to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacke...
CVE-2020-26409
A DOS vulnerability exists in Gitlab CE/EE =10.3, =13.5, =13.6, 13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields...
CVE-2019-6278
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option...
CVE-2019-6785
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service...
CVE-2019-15584
A denial of service exists in gitlab...
GO-2023-2074 Parser out-of-bounds read caused by a malformed markdown input in github.com/gomarkdown/markdown
Parser out-of-bounds read caused by a malformed markdown input in github.com/gomarkdown/markdown...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from the US-based company Mattermost. Mattermost suffers from a security vulnerability that stems from allowing an attacker to crash the server via specially crafted markdown input...
PT-2023-25387 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to improper validation of markdown input, which allows an attacker to crash the server using a specially crafted markdown input. There is no information provided abo...
SUSE CVE-2020-8031
A Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prio...
Snipe-IT 跨站脚本漏洞
Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to v6.0.11, which originates from a user with Super Administrator privileges being able to implement cross-site scripting via a Markdown Input field...
Stored Cross-Site Scripting (XSS)
Description Input fields allowing Markdown Input are vulnerable to XSS. This requires Superadmin permissions though. Proof of Concept Steps to reproduce: 1. Log in to the admin account 2. Go to Admin - General Settings 3. Enter the Payload in the Login Note and Dashboard Message fields. 4. Go to...
CVE-2022-34913
md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in RosarioSIS before 7.6.1 via the xssclean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields...