Lucene search
K

4604 matches found

Node.js
Node.js
added 2018/05/17 8:43 p.m.559 views

Cross-Site Scripting

Overview All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...

5.9AI score
Exploits0Affected Software1
Veracode
Veracode
added 2018/05/14 3:4 a.m.13 views

Cross-Site Scripting (XSS)

react-marked-markdown is vulnerable to cross-site scripting XSS. The vulnerability exists because it does not sanitize the href values to XSS-free string...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2018/04/27 7:35 p.m.44 views

Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...

0.5AI score
Exploits0
CNVD
CNVD
added 2018/04/19 12:0 a.m.5 views

Zulip Server Cross-Site Scripting Vulnerability (CNVD-2018-08600)

Zulip Server is a set of open source group chat application written in Python based on the Django framework . frontend markdown processor is one of the front-end markdown markup language processor . A cross-site scripting vulnerability exists in the frontend markdown processor in Zulip Server...

6.1CVSS6AI score0.00829EPSS
Exploits0References1
CVE
CVE
added 2018/04/18 7:0 p.m.462 views

CVE-2018-1000162

Parsedown prior to version 1.7.0 contains a Cross-Site Scripting (XSS) vulnerability in the setMarkupEscaped HTML escaping logic, exploitable via specially crafted Markdown that can bypass AST boundaries. The issue is documented under CVE-2018-1000162 and is stated to be fixed in 1.7.0 and later....

6.1CVSS6.1AI score0.012EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/04/18 8:29 a.m.14 views

Cross site scripting

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...

4.3CVSS6AI score0.00829EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/18 8:29 a.m.17 views

CVE-2018-9986

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...

6.1CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 2018/04/18 8:0 a.m.19 views

CVE-2018-9986

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...

6.1AI score0.00829EPSS
Exploits0References1
Veracode
Veracode
added 2018/03/06 2:33 a.m.11 views

Cross-site Scripting (XSS)

mrk.js is vulnerable to cross-site scripting XSS attacks. The library does not sanitize URL links during markdown parsing, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score
Exploits0
Veracode
Veracode
added 2018/02/13 7:46 a.m.13 views

Cross-site Scripting (XSS)

superset is vulnerable to cross-site scripting XSS attacks. A malicious user is able to inject and execute arbitrary Javascript when generating links in markdown or in the chart description...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2018/02/07 5:13 p.m.43 views

Valve: Xss was found by exploiting the URL markdown on http://store.steampowered.com

Hello guys I found an xss vulnerability on store.steampowered.com markdown POC http://store.steampowered.com/widget/386360/?t=url=google.com:/onclick=%27alertdocument.domain%27url=xss/url Here is my exploit url=google.com:/onclick='alertdocument.domain'url=xss/url Steps 1 - go to any product 2 -...

7AI score
Exploits0
OSV
OSV
added 2018/01/18 9:29 p.m.9 views

PYSEC-2018-13

An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '' character...

6.1CVSS5.9AI score0.00812EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2018/01/06 1:11 a.m.34 views

Radiant CMS vulnerable to Cross-site Scripting

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

5.4CVSS3.2AI score0.00537EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/01/06 1:11 a.m.21 views

GHSA-MVW8-V767-QHJM Radiant CMS vulnerable to Cross-site Scripting

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

5.4CVSS5.1AI score0.00537EPSS
Exploits1References3
OSV
OSV
added 2018/01/04 7:29 p.m.5 views

CVE-2018-5216

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

5.4CVSS5.8AI score0.00537EPSS
Exploits1References1
Prion
Prion
added 2018/01/04 7:29 p.m.15 views

Design/Logic Flaw

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

3.5CVSS5.1AI score0.00537EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/01/04 7:29 p.m.26 views

CVE-2018-5216

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

5.4CVSS5.2AI score0.00537EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/01/04 7:0 p.m.28 views

CVE-2018-5216

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

5.2AI score0.00537EPSS
Exploits1References1
RubySec
RubySec
added 2018/01/04 12:0 a.m.24 views

Radiant CMS 1.1.4 Markdown admin/pages/*/edit part_body_content cross site scripting

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the partbodycontent parameter to an admin/pages//edit resource...

5.4CVSS2.7AI score0.00537EPSS
Exploits1References1
OSV
OSV
added 2018/01/03 1:29 a.m.16 views

CVE-2017-1000491

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...

6.1CVSS6.5AI score
Exploits0References2
Rows per page
Query Builder