29 matches found
EUVD-2024-2940
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-21535
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An...
CVE-2024-56082
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true...
Lumos 安全漏洞
Lumos is a tool by Andrew Nguonly personal developer. It is used for browsing web pages. A security vulnerability exists in Lumos versions prior to 1.0.17, which stems from the use of the markdown-to-jsx package without disableParsingRawHTML set to true, where ChatBar.tsx parses raw HTML from...
CVE-2024-56082
Lumos vulnerability CVE-2024-56082 affects Lumos versions prior to 1.0.17. The issue lies in ChatBar.tsx, which parses raw HTML in Markdown because the markdown-to-jsx package is used without disabling raw HTML parsing (disableParsingRawHTML not set to true). This can lead to HTML content in Mark...
PT-2024-36709 · Unknown +1 · Markdown-To-Jsx +1
Name of the Vulnerable Software and Affected Versions: Lumos versions prior to 1.0.17 Description: The issue arises from the ChatBar.tsx component in Lumos, which parses raw HTML in Markdown. This occurs because the markdown-to-jsx package is used without setting disableParsingRawHTML to true...
Cross-site Scripting (XSS)
markdown-to-jsx is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization, where an attacker can execute arbitrary code by injecting a malicious iframe element via the src property in the markdown...
SUSE CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
@0xgabi/1hive-ui (=1.0.11), @0xgabi/ui (>=1.4.3 <=1.9.5) +1878 more potentially affected by CVE-2024-21535 via markdown-to-jsx (>=2.0.1 <=7.3.2)
markdown-to-jsx NPM version =2.0.1, =1.4.3, =1.0.0, =1.0.5, =0.1.4, =1.0.0, =1.2.0, =1.0.0, =1.1.4, =1.16.0, =1.1.2, =0.5.19-20200320212412, =1.0.0-beta.10, =1.0.0, =1.0.5 - @admin-bro/design-system =1.4.0 and more Source cves: CVE-2024-21535 Source advisory: OSV:GHSA-4WX3-54GH-9FR9...
GHSA-4WX3-54GH-9FR9 Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
CVE-2024-21535
A flaw was found in markdown-to-jsx. This vulnerability allows an attacker to execute arbitrary code via Cross-site scripting XSS through the src property by injecting a malicious iframe element into the markdown. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
DEBIAN-CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
UBUNTU-CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
CVE-2024-21535
Technical details about CVE-2024-21535 are not provided in the connected documents. Monitoring for updates is advised.
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...