Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly validate markdown links, which allows an attacker to inject and execute malicious JavaScript...
CVE-2023-3593 Server crash via a specially crafted markdown input
Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input...
CVE-2023-3593
Mattermost contains a vulnerability (CVE-2023-3593) where improper validation of markdown input can crash the server. Affected software is Mattermost; the issue concerns the markdown validation component, with the underlying impact described as server unavailability (availability impact) but no e...
PT-2022-25314 · Zettlr · Zettlr
Name of the Vulnerable Software and Affected Versions: Zettlr version 2.3.0 Description: The issue allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not...
UBUNTU-CVE-2020-26409
A DoS vulnerability exists in GitLab CE/EE =10.3, =13.5, =13.6, 13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields...
GitLab CE/EE Input Validation Error Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE version...