181 matches found
CVE-2021-46372
Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters...
CVE-2021-46372
Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters...
Design/Logic Flaw
Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters...
CVE-2021-46372
Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to an XSS attack when using uppercase letters...
CVE-2021-46372
CVE-2021-46372 affects Scoold 1.47.2 (Java-based Q&A/KBA). The markdown editor is vulnerable to an XSS attack when uppercase letters are used in a Q&A. NVD/OSV entries describe a Medium severity (CVSS 3.1 base score 5.4) with network attack vector and user interaction required. The provided docum...
Erudika Scoold Cross-Site Scripting Vulnerability
Erudika Scoold is an open source Q&A/knowledge base platform written in Java by Erudika Bulgaria. A security vulnerability exists in Scoold 1.47.2, which stems from the markdown editor being susceptible to an XSS attack if capitalization is used when writing a Q&A...
CVE-2022-23637
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
Cross site scripting
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
CVE-2022-23637 Stored Cross-Site-Scripting (XSS) in Markdown Editor
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
CVE-2022-23637 Stored Cross-Site-Scripting (XSS) in Markdown Editor
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
CVE-2022-23637 Stored Cross-Site-Scripting (XSS) in Markdown Editor
K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked,...
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Description The Vanessa219/vditor is a markdown editor supported by browsers. If the user passes javascript:alertdocument.domain as the URL value when creating a link using the markdown syntax, there is no sanitizing process and the link is created as it is. Proof of Concept txt XSS PoC : xss 1...
CVE-2021-25989
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them...
Cross site scripting
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them...
CVE-2021-25989 ifme - Stored Cross-Site Scripting (XSS) in Groups section
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them...
CVE-2021-25989
Summary: CVE-2021-25989 affects the Ifme application. Vulnerability: stored XSS in the Markdown editor affecting versions 1.0.0 through 7.31.4. The payload can be triggered when a user is made a Leader of a group, according to the linked entries. Root cause (as described): lack of input/data vali...
CVE-2021-25989 ifme - Stored Cross-Site Scripting (XSS) in Groups section
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them...
Ifme Cross-Site Scripting Vulnerability
Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. A cross-site scripting vulnerability exists in ifme that stems from the product's markdown editor not properly validating input data. An attacker could trigge...
Cross-site Scripting (XSS) - Generic in uiwjs/react-md-editor
Description: XSS vulnerability through the markdown editor. Proof of Concept: Steps to Reproduce: Visit the demo page. Paste the payload in the markdown editor. Impact: - Steal a user's token - Session hijacking...
JVN#29949691: Inkdrop vulnerable to OS command injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains an OS command injection vulnerability (CWE-78). Impact: If a file or code snippet containing an invalid iframe is loaded into Inkdrop, an arbitrary OS command may be executed on the system where it runs. Solution: Update the...