14 matches found
EUVD-2025-9490
Malicious code in bioql PyPI...
A vulnerability in the MathLive formula editor, caused by a lack of measures to protect the structure of web pages, allows attackers to perform cross-site scripting attacks.
The vulnerability in MathLive's formula editor is caused by a lack of measures to protect the structure of web pages when processing LaTeX expressions with the \htmlData attribute. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2025-29049
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker to execute arbitrary code via the MathLive function...
Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references. Original Description Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker...
GHSA-929M-PHJG-QWCC Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references. Original Description Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker...
CVE-2025-29049
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker to execute arbitrary code via the MathLive function...
CVE-2025-29049
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker to execute arbitrary code via the MathLive function...
mathlive cross-site scripting vulnerability
mathlive is a web component for easy math input by individual developer Arno Gourdol. A security vulnerability exists in mathlive version 0.103.0 and earlier, which stems from a MathLive function that could lead to a cross-site scripting attack...
CVE-2025-29049
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker to execute arbitrary code via the MathLive function...
CVE-2025-29049
Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before fixed in 0.104.0 allows an attacker to execute arbitrary code via the MathLive function...
CVE-2025-29049
CVE-2025-29049 affects arnog MathLive, versions ≤ 0.103.0. The vulnerability is a Cross Site Scripting flaw where unescaped HTML/HTML-related input in the MathLive function can allow arbitrary code execution. The issue is fixed in 0.104.0. Affected projects should upgrade to 0.104.0 or later to m...
MathLive's Lack of Escaping of HTML allows for XSS
Summary Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS. Details Overall in the code, other than in the test folder, no functions escaping...
GHSA-QWJ6-Q94F-8425 MathLive's Lack of Escaping of HTML allows for XSS
Summary Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS. Details Overall in the code, other than in the test folder, no functions escaping...
PT-2025-14382 · Mathlive · Mathlive
Name of the Vulnerable Software and Affected Versions: arnog MathLive versions 0.103.0 and earlier Description: The issue allows an attacker to execute arbitrary code via the MathLive function. This is a Cross Site Scripting vulnerability. Recommendations: For versions 0.103.0 and earlier, update...