CVE-2017-11594
CVE-2017-11594 affects Loomio’s Markdown parser prior to version 1.8.0. The vulnerability is a cross-site scripting (XSS) flaw that lets remote attackers inject arbitrary web script or HTML through non-sanitized Markdown content in new threads or thread comments. The root cause is improper saniti...
CVE-2017-11594
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...
Loomio Cross-Site Scripting Vulnerability
Loomio is a cross-platform team decision-making tool. The Markdown parser is one of the Markdown markup language parsers. A cross-site scripting vulnerability exists in the Markdown parser in Loomio versions prior to 1.8.0. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...
Discourse: XSS Vulnerability on Image link parser
I found an XSS (Cross-Site Scripting) vulnerability, and it is present in the markdown parser when it tries to parse an image URL. To reproduce the vulnerability you need to add a fake image URL like: http://host/path/to/image'onerror=alert1;//.png As you can see, we have an invalid image URL which...