Lucene search
K

116 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.4 views

SUSE CVE-2018-1999024

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

5.4CVSS5.1AI score0.01254EPSS
Exploits1References3
Huntr
Huntr
added 2022/09/04 8:16 p.m.27 views

Desktop APP XSS to RCE

📝 Description Bypass disabled plugins configuration According to its default configuration, drawio desktop disables the use of custom plugin and must be using --enable-plugins to enable it. In addition, draw.io allows you to configure the application mainly the interface using a json file...

4.4CVSS7AI score0.01282EPSS
Exploits1
OSV
OSV
added 2021/08/19 4:15 p.m.4 views

CVE-2020-18748

Cross Site Scripting XSS in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

6.1CVSS6.6AI score0.00947EPSS
Exploits1References2
NVD
NVD
added 2021/08/19 4:15 p.m.19 views

CVE-2020-18748

Cross Site Scripting XSS in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

6.1CVSS0.00947EPSS
Exploits1References2
Prion
Prion
added 2021/08/19 4:15 p.m.17 views

Cross site scripting

Cross Site Scripting XSS in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

4.3CVSS6.1AI score0.01182EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/08/19 4:0 p.m.22 views

CVE-2020-18748

Cross Site Scripting XSS in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

6.2AI score0.00947EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/19 12:0 a.m.5 views

Typora 跨站脚本漏洞

Typora is an editor. A cross-site scripting vulnerability exists in Typora version 0.9.65, which can be exploited by an attacker to execute arbitrary code via mathjax syntax...

6.1CVSS6.5AI score0.00947EPSS
Exploits1References3
OSV
OSV
added 2019/11/27 4:15 p.m.4 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

6.1CVSS6.6AI score0.0142EPSS
Exploits1References4
NVD
NVD
added 2019/11/27 4:15 p.m.26 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

6.1CVSS6.4AI score0.0142EPSS
Exploits1References4
Prion
Prion
added 2019/11/27 4:15 p.m.18 views

Design/Logic Flaw

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

4.3CVSS6.4AI score0.0142EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2019/11/27 3:28 p.m.50 views

CVE-2019-19329

CVE-2019-19329 affects the Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT (2019-11-07). The vulnerability is a cross-site scripting (XSS) flaw where arbitrary JavaScript could execute when mathematical expressions in results are rendered directly. The underlying cause is inadequate h...

6.1CVSS6.4AI score0.0142EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2019/11/27 3:28 p.m.27 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

6.5AI score0.0142EPSS
Exploits1References4
CNVD
CNVD
added 2018/08/09 12:0 a.m.6 views

MathJax Cross-Site Scripting Vulnerability

MathJax is an open source JavaScript display engine . A cross-site scripting vulnerability exists in the \unicode macro in MathJax versions prior to 2.7.4. A remote attacker can exploit this vulnerability to execute untrusted Javascript code in a web browser...

5.4CVSS5.3AI score0.01254EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2018/07/27 5:5 p.m.6 views

growppt (>=1.0.0 <=2.1.1), mathjax-node-aixuexi (>=1.0.7 <=1.0.9) +3 more potentially affected by CVE-2018-1999024 via mathjax (>=2.6.1 <=2.7.3)

mathjax NPM version =2.6.1, =1.0.0, =1.0.7, =1.4.3, =1.2.3, =1.2.4 Source cves: CVE-2018-1999024 Source advisory: OSV:GHSA-3C48-6PCV-88RM...

5.4CVSS6AI score0.01254EPSS
Exploits1
OSV
OSV
added 2018/07/27 5:5 p.m.13 views

GHSA-3C48-6PCV-88RM Macro in MathJax running untrusted Javascript within a web browser

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

5.4CVSS5.8AI score0.01254EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2018/07/27 5:5 p.m.25 views

Macro in MathJax running untrusted Javascript within a web browser

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

5.4CVSS5.3AI score0.01254EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2018/07/24 2:13 a.m.25 views

Cross-site Scripting (XSS)

mathjax is vulnerable to cross-site scripting XSS attacks. The vulnerability exists through the improper sanitization through the \unicode and \class mcaros, allowing arbitrary JavaScript to be executed when rendered...

5.4CVSS5.1AI score0.01254EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/07/23 4:29 p.m.28 views

CVE-2018-1999024

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

5.4CVSS5.3AI score0.01254EPSS
Exploits1References2
OSV
OSV
added 2018/07/23 4:29 p.m.5 views

DEBIAN-CVE-2018-1999024

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

5.4CVSS6AI score0.01254EPSS
Exploits1References1
OSV
OSV
added 2018/07/23 4:29 p.m.13 views

CVE-2018-1999024

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

5.4CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder