4604 matches found
Cross-Site Scripting
Overview All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...
Cross-Site Scripting (XSS)
react-marked-markdown is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not sanitize the href values to XSS-free string...
Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...
Zulip Server Cross-Site Scripting Vulnerability (CNVD-2018-08600)
Zulip Server is a set of open source group chat application written in Python based on the Django framework . frontend markdown processor is one of the front-end markdown markup language processor . A cross-site scripting vulnerability exists in the frontend markdown processor in Zulip Server...
CVE-2018-1000162
Parsedown prior to version 1.7.0 contains a Cross-Site Scripting (XSS) vulnerability in the setMarkupEscaped HTML escaping logic, exploitable via specially crafted Markdown that can bypass AST boundaries. The issue is documented under CVE-2018-1000162 and is stated to be fixed in 1.7.0 and later....
Cross site scripting
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...
CVE-2018-9986
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...
CVE-2018-9986
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...
Cross-site Scripting (XSS)
mrk.js is vulnerable to cross-site scripting XSS attacks. The library does not sanitize URL links during markdown parsing, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-site Scripting (XSS)
superset is vulnerable to cross-site scripting XSS attacks. A malicious user is able to inject and execute arbitrary Javascript when generating links in markdown or in the chart description...
Valve: Xss was found by exploiting the URL markdown on http://store.steampowered.com
Hello guys I found an xss vulnerability on store.steampowered.com markdown POC http://store.steampowered.com/widget/386360/?t=url=google.com:/onclick=%27alertdocument.domain%27url=xss/url Here is my exploit url=google.com:/onclick='alertdocument.domain'url=xss/url Steps 1 - go to any product 2 -...
PYSEC-2018-13
An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '' character...
Radiant CMS vulnerable to Cross-site Scripting
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
GHSA-MVW8-V767-QHJM Radiant CMS vulnerable to Cross-site Scripting
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
CVE-2018-5216
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
Design/Logic Flaw
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
CVE-2018-5216
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
CVE-2018-5216
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
Radiant CMS 1.1.4 Markdown admin/pages/*/edit part_body_content cross site scripting
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...
CVE-2017-1000491
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...