11 matches found
EUVD-2022-2458
Malicious code in bioql PyPI...
GHSA-4WC5-GFGH-4VJX EpicEditor XSS Vulnerability
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...
EpicEditor XSS Vulnerability
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...
Regular Expression Denial Of Service (ReDoS)
marked is vulnerable to regular expression denial-of-service (ReDoS) attacks. The vulnerability exists because a vulnerable regex for parsing headings, which causes catastrophic backtracking, is used in lib/marked.js, allowing a malicious input to consume resources to cause a ReDoS attack...
Moderate severity vulnerability that affects marked
Withdrawn: This advisory has been withdrawn, per NVD: "This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue." Original Description: A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package tested on...
GHSA-CRMX-V835-HCP4 Moderate severity vulnerability that affects marked
Withdrawn: This advisory has been withdrawn, per NVD: "This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue." Original Description: A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package tested on...
Cross-site Scripting (XSS)
epiceditor is vulnerable to cross-site scripting (XSS) attacks. The vulnerability is possible because it does not escape the input tags when rendering a page using marked.js...
Epiceditor – Cross-Site Scripting (CVE-2017-6589)
EpicEditor Introduction: EpicEditor is an embeddable JavaScript Markdown editor with split fullscreen editing, live previewing, automatic draft saving, offline support, and more. For developers, it offers a robust API, can be easily themed, and allows you to swap out the bundled Markdown parser wi...
CVE-2017-6589
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...
Cross site scripting
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...
CVE-2017-6589
The CVE-2017-6589 vulnerability affects EpicEditor up to version 0.2.3, arising from an insecure default configuration of marked.js that does not escape input. This allows cross-site scripting via crafted HTML (e.g., an image tag) in previews rendered by the editor. Public references (including G...