
184 matches found

CVE
added 2017/07/24 1:0 a.m., 42 views

CVE-2017-11594

CVE-2017-11594 affects Loomio’s Markdown parser prior to version 1.8.0. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML through non-sanitized Markdown content in new threads or thread comments. The root cause is improper saniti...

CVSS 5.4 | AI score 5.3 | EPSS 0.01189
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2017/07/24 1:0 a.m., 16 views

CVE-2017-11594

Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...

AI score 5.4 | EPSS 0.01189
Exploits: 1 | References: 3
CNVD
added 2017/07/24 12:0 a.m., 3 views

Loomio Cross-Site Scripting Vulnerability

Loomio is a cross-platform team decision-making tool. The markdown parser is a parser for the Markdown markup language. A cross-site scripting vulnerability exists in the Markdown parser in Loomio versions prior to 1.8.0. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...

CVSS 5.4 | AI score 5.2 | EPSS 0.01189
Exploits: 1 | References: 1
Hacker One
added 2016/12/17 9:8 a.m., 146 views

Discourse: XSS Vulnerability on Image link parser

I found an XSS (Cross-Site Scripting) vulnerability, and it is present in the markdown parser when it tries to parse an image URL. To reproduce the vulnerability you need to add a fake image URL like: http://host/path/to/image'onerror=alert1;//.png As you can see, we have an invalid image URL which...

AI score 5.9
Exploits: 0