26 matches found
CVE-2023-29641
Cross Site Scripting XSS vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text...
EUVD-2019-5244
Malware in sbrugna...
EUVD-2023-1499
Malicious code in bioql PyPI...
EUVD-2022-6603
Malicious code in bioql PyPI...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-16608
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
CVE-2023-42821
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses...
CVE-2023-29641
Cross Site Scripting XSS vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text...
Cross site scripting
Cross Site Scripting XSS vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text...
CVE-2023-29641
Cross Site Scripting XSS vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text...
CVE-2023-29641
Cross Site Scripting XSS vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text...
CVE-2022-36573
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
CVE-2022-36573
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
Cross site scripting
A cross-site scripting XSS vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit...
PT-2022-23480 · Unknown · Pagekit Cms
Name of the Vulnerable Software and Affected Versions: Pagekit CMS version 1.0.18 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under the "/blog/post/edit" API endpoint. The Markdow...
GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
Design/Logic Flaw
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...
CVE-2020-8548
massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...