52 matches found
PT-2020-12540 · October +1 · October Cms +1
Name of the Vulnerable Software and Affected Versions: October CMS versions 1.0.319 through 1.0.465 RainLab.Blog plugin versions prior to 1.4.1 Description: A user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other...
GitLab Resource Management Error Vulnerability (CNVD-2020-03053)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A resource management error vulnerability exists in GitLa...
UBUNTU-CVE-2019-6785
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service...
RANGER Studio Directus Cross-Site Scripting Vulnerability
RANGER Studio Directus is the United States RANGER Studio company's set of open source for managing custom databases open source headless CMS and API. A cross-site scripting vulnerability exists in the interfaces/markdown/input.vue file in RANGER Studio Directus version 7 prior to Application...
JPress Cross-Site Scripting Vulnerability (CNVD-2019-01670)
JPress is a set of blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0.4, which can be exploited by remote attackers to inject arbitrary web script or HTML with the help of Markdown input...
Cross site scripting
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option...
CVE-2019-6278
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option...
CVE-2019-6278
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option...
GHSA-MVW8-V767-QHJM Radiant CMS vulnerable to Cross-site Scripting
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
Radiant CMS vulnerable to Cross-site Scripting
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
Design/Logic Flaw
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
CVE-2018-5216
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...