CVE-2025-67723

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

CVE-2025-67723

CVE-2025-67723 affects Discourse server with the Discourse Math plugin when using KaTeX. The issue is a content-security-policy-mitigated cross-site scripting vulnerability in the KaTeX variant, present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The vulnerability is addressed...

CVE-2025-67723

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

CVE-2025-67723 Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

EUVD-2025-206450

Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2,...

PT-2026-5181

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse, an open source discussion platform, is affected by a...

CVE-2023-49807

Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

TencentOS Server 4: mathjax (TSSA-2025:0638)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0638 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EUVD-2020-10665

Malware in sbrugna...

EUVD-2018-0212

Malware in sbrugna...

EUVD-2019-8950

Malware in sbrugna...

EUVD-2024-34471

Malicious code in bioql PyPI...

EUVD-2024-39062

Malicious code in bioql PyPI...

EUVD-2024-52090

Malicious code in bioql PyPI...

MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability

...

Linux Distros Unpatched Vulnerability : CVE-2018-1999024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascri...

Linux Distros Unpatched Vulnerability : CVE-2023-39663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service ReDoS vulnerabilities in MathJax.js via the components pattern and...

Linux Distros Unpatched Vulnerability : CVE-2024-43805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on us...

Moodle 5.x < 5.0.1 Reflected Cross-Site Scripting

According to its self-reported version, the Moodle install hosted on the remote host is 5.x prior to 5.0.1 . It is, therefore, affected by a Reflected XSS in MathJax. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...

CVE-2024-41482

Typora before 1.9.3 Markdown editor has a cross-site scripting XSS vulnerability via the MathJax component...