135 matches found
Cross site scripting
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible...
CVE-2023-35054
In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible...
CVE-2022-39380 wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...
PT-2022-25314 · Zettlr · Zettlr
Name of the Vulnerable Software and Affected Versions: Zettlr version 2.3.0. Description: The issue allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not...
CVE-2022-25204
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Remote code execution via unsafe user-controlled markdown rendering options...
Code injection
interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 does not sanitize Markdown text before rendering a preview...
Node.js third-party modules: [harp] Unsafe rendering of Markdown files
I would like to report a Cross Site Scripting vulnerability in the harp module. It allows executing arbitrary JavaScript due to unsafe rendering of markdown files. Similar to 404126. Module: module name: harp; version: 0.29.0; npm page: https://www.npmjs.com/package/harp. Module Description: zero-configuratio...
CVE-2018-14601
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow...
Design/Logic Flaw
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow...
CVE-2018-14601
Removed by vendor...
GitLab CE and EE Denial of Service Vulnerabilities
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A denial-of-service...