CVE-2021-32855
The CVE-2021-32855 entry concerns Vditor, a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS) where an attacker must lure a user into pasting a malicious payload into the editor. The vulnerability is mitigated in version 3.8.7, which con...
@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25102 via simple-markdown (>=0.0.9 <=0.5.3)
simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25102 Source advisory: OSV:GHSA-J533-2G8V-PMPG...
CVE-2022-42967 XSS in Caret markdown editor leads to remote code execution when viewing crafted Markdown files
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...
Stored XSS via markdown link
Description: The Markdown editor doesn't sanitize user input, leading to stored XSS. Proof of Concept / Reproduce: 1. Log in to https://demo.usememos.com/ 2. Create a new memo with content a 3. Ctrl+left click this link; the JavaScript code is executed...
Typora Cross-Site Scripting Vulnerability
Typora is a lightweight Markdown editor developed by Abner Lee. A cross-site scripting vulnerability exists in versions prior to Typora 1.4.4, which can be exploited by attackers to launch cross-site scripting attacks...
CVE-2021-39393
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor...
CVE-2021-39393
CVE-2021-39393 affects mm-wiki v0.2.1, with a cross-site scripting (XSS) vulnerability via the markdown editor. The issue stems from insufficient input sanitization, enabling injection of malicious scripts. Impact and remediation details are limited across the provided sources; CVSS indicates a l...
mm-wiki Cross-Site Scripting Vulnerability
mm-wiki is lightweight enterprise knowledge-sharing and team-collaboration software by the Chinese individual developer phachon. It can be used to quickly build an enterprise wiki and team knowledge-sharing platform. A security vulnerability exists in mm-wiki v0.2.1, which is caused by cross-site...
U.S. Dept Of Defense: STORED XSS in █████████/nlc/login.aspx via "edit" GET parameter through markdown editor [HtUS]
While looking through the source code of https://████████/nlc/login.aspx, I noticed this line 204: Cancel, which exposes the edit GET parameter. Upon accessing https://█████████/nlc/login.aspx?edit=true, a hidden markdown editor will be revealed if you click around where the bottom text is, which...
Stored Cross-Site Scripting vulnerability in Recipe Instructions allows Admin session hijacking
Description A low-privilege user can insert malicious JavaScript code into the Recipe Instructions, which will execute in the browser of anyone else who visits the recipe. Proof of Concept Reproduction Steps: 1. As a lower-privileged user, log in to the Mealie web application. 2. Create a recipe and...
GHSA-85Q9-7467-R53Q XSS Vulnerability in Markdown Editor
Impact InvenTree uses EasyMDE for displaying markdown text in various places e.g. for the various "notes" fields associated with various models. By default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the use...
Stored XSS Via Markdown payload at HackerOne Settings
Description Rengine supports automatic vulnerability reporting to HackerOne; the module includes a feature to customize the report using a markdown editor. Although it blocked some malicious payloads, the cross-site scripting was found to be exploitable via a special payload. Proof of Concept 1. Go...
CVE-2022-24837
The CVE-2022-24837 entry corresponds to HedgeDoc: images uploaded since v1.9.1 generate enumerable filenames, enabling potential information leakage from private notes across all upload backends (except Lutim/imgur). The underlying issue is a predictable filename generation mechanism, which has b...
vditor Cross-Site Scripting Vulnerability
vditor is a browser-based Markdown editor that supports WYSIWYG, instant rendering similar to Typora, and split-screen preview modes. A cross-site scripting vulnerability exists in vditor versions prior to 3.8.13, which stems from the fact that if a user passes a link as a URL value when creating...
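The memos link report, the InvenTree/EasyMDE advisory, the Rengine "special payload" bypass and the vditor link-URL bug above all come down to the same defect: Markdown link text and link targets reach the DOM unescaped and without a scheme check, so a `javascript:` target (or a quote that breaks out of the `href` attribute) becomes stored XSS for whoever views the note. The JavaScript below is an added example, not code from any of the projects listed. It implements a deliberately tiny `[text](url)` renderer in its vulnerable and hardened forms, runs both over constructed sample inputs, and uses the WHATWG `URL` parser to normalise the target before checking it against an allow-list of schemes; the placeholder base `https://example.invalid/` used to resolve relative links is an assumption of the example.

```javascript
// Added example (not code from any of the editors or projects listed above):
// a minimal Markdown link renderer in its vulnerable and hardened forms.
// Only `[text](url)` is handled; everything else is plain text.
// All sample inputs below are constructed for this example.

const LINK_RE = /\[([^\]]*)\]\(([^)]*)\)/g;

// Vulnerable renderer: link text and target are copied into HTML verbatim,
// which is what "does not sanitize input" means in practice. A javascript:
// target runs when clicked, and a quote in the target breaks out of href.
function renderLinkUnsafe(markdown) {
  return markdown.replace(LINK_RE, (_, text, url) => `<a href="${url}">${text}</a>`);
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Allow-list of schemes a link may use. Blocking known-bad strings instead
// (a "javascript:" prefix check, a payload blocklist) is exactly what a
// "special payload" gets around.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Resolve the target with the WHATWG URL parser before checking the scheme:
// it strips leading whitespace and embedded tab/newline characters and
// lower-cases the scheme, so "  JaVaScRiPt:" and "java\tscript:" are both
// recognised as javascript:. Relative targets resolve against a placeholder
// base (an assumption of this example) and come out as https:.
function isSafeHref(url) {
  let parsed;
  try {
    parsed = new URL(url, 'https://example.invalid/');
  } catch {
    return false;
  }
  return SAFE_SCHEMES.has(parsed.protocol);
}

// Hardened renderer: every non-link segment is HTML-escaped, link text and
// target are escaped before being placed in the tag, and a link whose target
// fails the scheme check is emitted as inert plain text instead of an <a>.
function renderLinkSafe(markdown) {
  let out = '';
  let last = 0;
  for (const m of markdown.matchAll(LINK_RE)) {
    const [whole, text, url] = m;
    out += escapeHtml(markdown.slice(last, m.index));
    if (isSafeHref(url)) {
      out += `<a href="${escapeHtml(url)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
    } else {
      out += escapeHtml(whole);
    }
    last = m.index + whole.length;
  }
  return out + escapeHtml(markdown.slice(last));
}

// Constructed sample notes mirroring the reports above: a javascript: link,
// an obfuscated scheme, raw HTML in the text, and an href attribute breakout.
const SAMPLES = {
  benign: 'See [the docs](https://example.com/docs) for details.',
  jsScheme: 'Click [here](javascript:alert%28document.cookie%29) to win',
  obfuscated: 'Click [here](java\tscript:alert%281%29) now',
  rawHtml: 'Hi <img src=x onerror=alert(1)> and [x](https://a.example/)',
  attrBreakout: '[x](https://a.example/" onmouseover="alert%281%29) trailing',
};

// Render every sample both ways; returns { name: { unsafe, safe } }.
function renderAll(samples = SAMPLES) {
  const out = {};
  for (const [name, md] of Object.entries(samples)) {
    out[name] = { unsafe: renderLinkUnsafe(md), safe: renderLinkSafe(md) };
  }
  return out;
}

for (const [name, r] of Object.entries(renderAll())) {
  console.log(`${name}\n  unsafe: ${r.unsafe}\n  safe:   ${r.safe}`);
}
```

The allow-list plus escaping is the minimum; a real editor should additionally run the final HTML through a sanitizer that strips raw tags and event-handler attributes, because the Markdown dialects in these editors accept inline HTML, and it should not trust `rel`-less links opened with `window.open`.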
Marky Injection Vulnerability
Marky is a Markdown editor by Alessandro Arnodo, a Swiss individual developer. Marky suffers from an injection vulnerability that allows an attacker to execute arbitrary code by injecting a carefully crafted attack payload...
Mark Text Cross-Site Scripting Vulnerability (CNVD-2022-21485)
Mark Text is a Markdown editor built on Electron for individual developers. v0.16.3 of Mark Text contains a security vulnerability that could be exploited to execute remote code by injecting a crafted payload into /lib/contentState/pasteCtrl.js...