6 matches found
Cross-site Scripting (XSS)
Overview: @diplodoc/search-extension is a Lunr-based offline search extension for the Diplodoc platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the title field of Markdown files. An attacker can execute arbitrary scripts in the context of the user's browser by...
@diplodoc/search-extension allows stored XSS via Markdown file title
@diplodoc/search-extension 1.0.0 through 3.0.2 allows stored XSS via .md file title...
GHSA-RJMP-RWJ4-MV82 @diplodoc/search-extension allows stored XSS via Markdown file title
@diplodoc/search-extension 1.0.0 through 3.0.2 allows stored XSS via .md file title...
CVE-2026-40201
@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file...
EUVD-2019-7640
Malware in sbrugna...
CVE-2024-32875 Hugo doesn't escape markdown title in internal render hooks
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images are not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...