EUVD-2017-11422

Malware in sbrugna...

EUVD-2024-3621

Malicious code in bioql PyPI...

CVE-2024-56510

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

The vulnerability of the Markdown Marp Core presentation creation tool is related to insufficient protection of website structures, allowing attackers to perform cross-site scripting attacks.

The vulnerability of the Markdown-based presentation creation tool Marp Core is related to insufficient protection of the web page structure when processing HTML content. Exploiting this vulnerability could allow attackers to perform cross-site scripting attacks...

CVE-2024-56510

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization

@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...

CVE-2024-56510

Marp Core vulnerability CVE-2024-56510 affects Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0, where improper neutralization of HTML sanitization leads to Cross-Site Scripting (XSS). The issue is addressed in Marp Core v3.9.1 and v4.0.1. If immediate upgrading is not feasible, a workaround i...

GHSA-X52F-H5G4-8QV5 Marp Core allows XSS by improper neutralization of HTML sanitization

Marp Core @marp-team/marp-core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Impact Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...

Marp Core allows XSS by improper neutralization of HTML sanitization

Marp Core @marp-team/marp-core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting XSS due to improper neutralization of HTML sanitization. Impact Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...

marp-core 跨站脚本漏洞

marp-core is a Marp open source core for a Marp converter. A cross-site scripting vulnerability exists in marp-core versions v3.0.2 through v3.9.0 and v4.0.0, which stems from improper neutralization of HTML cleanup and is vulnerable to cross-site scripting attacks...

PT-2022-7696 · Npm · @Marp-Team/Marp-Core

Name of the Vulnerable Software and Affected Versions: @marp-team/marp-core versions 3.0.2 through 3.9.0 @marp-team/marp-core version 4.0.0 Description: The issue is related to cross-site scripting XSS due to improper neutralization of HTML sanitization. This can allow an attacker to conduct...

Marp vulnerable to improper access control in JavaScript execution

Overview Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files CWE-284. Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the...

Marp Incorrect Access Control Vulnerability

Marp is a cross-platform slide writer developed in CoffeeScript. A security vulnerability exists in Marp 0.0.1 and earlier versions. An attacker can exploit the vulnerability to obtain sensitive information...

CVE-2017-2239

Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...

CVE-2017-2239

Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...

Code injection

Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...

CVE-2017-2239

Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...

CVE-2017-2239

CVE-2017-2239 affects Marp v0.0.10 and earlier, where JavaScript in Markdown contents can access local resources/files due to improper access control. The JVN entry confirms impact: local files may be read and leaked. Remediation is to update to Marp v0.0.11, which restricts JavaScript from acces...