20 matches found
EUVD-2017-11422
Malware in sbrugna...
EUVD-2024-3621
Malicious code in bioql PyPI...
CVE-2024-56510
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...
CVE-2024-56510 Marp Core allows XSS by improper neutralization of HTML sanitization
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patch...
CVE-2024-56510
Marp Core vulnerability CVE-2024-56510 affects Marp Core versions from v3.0.2 to v3.9.0 and v4.0.0, where improper neutralization of HTML sanitization leads to Cross-Site Scripting (XSS). The issue is addressed in Marp Core v3.9.1 and v4.0.1. If immediate upgrading is not feasible, a workaround i...
Marp Core allows XSS by improper neutralization of HTML sanitization
Marp Core (@marp-team/marp-core) versions from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Impact: Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...
GHSA-X52F-H5G4-8QV5 Marp Core allows XSS by improper neutralization of HTML sanitization
Marp Core (@marp-team/marp-core) versions from v3.0.2 to v3.9.0 and v4.0.0 are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Impact: Marp Core includes an HTML sanitizer with allowlist support. In the affected versions, the built-in allowlist is enabled by...
marp-core cross-site scripting vulnerability
marp-core is a Marp open source core for a Marp converter. A cross-site scripting vulnerability exists in marp-core versions v3.0.2 through v3.9.0 and v4.0.0, which stems from improper neutralization of HTML cleanup and is vulnerable to cross-site scripting attacks...
PT-2022-7696 · Npm · @Marp-Team/Marp-Core
Name of the Vulnerable Software and Affected Versions: @marp-team/marp-core versions 3.0.2 through 3.9.0; @marp-team/marp-core version 4.0.0. Description: The issue is related to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. This can allow an attacker to conduct...
Marp vulnerable to improper access control in JavaScript execution
Overview: Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files (CWE-284). Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Marp Incorrect Access Control Vulnerability
Marp is a cross-platform slide writer developed in CoffeeScript. A security vulnerability exists in Marp 0.0.1 and earlier versions. An attacker can exploit the vulnerability to obtain sensitive information...
CVE-2017-2239
Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...
Code injection
Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript...
CVE-2017-2239
CVE-2017-2239 affects Marp v0.0.10 and earlier, where JavaScript in Markdown contents can access local resources/files due to improper access control. The JVN entry confirms impact: local files may be read and leaked. Remediation is to update to Marp v0.0.11, which restricts JavaScript from acces...
JVN#21174546: Marp vulnerable to improper access control in JavaScript execution
Marp is a tool to create a presentation PDF with Markdown. Marp executes JavaScript inside the Markdown contents. Marp allows JavaScript to access local resources and files (CWE-284). Impact: When reading specially crafted Markdown contents, local files may be accessed and leaked to an external...