Lucene search
+L

6 matches found

Veracode
Veracode
added 2021/08/14 12:53 a.m.12 views

Remote Code Execution (RCE)

@github/paste-markdown is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization of the input into innerHTML property when copied from clipboard...

6.5CVSS7.5AI score0.0166EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/12 9:15 p.m.4 views

CVE-2021-37700

@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...

6.5CVSS5.7AI score0.0166EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2021/08/12 8:45 p.m.40 views

CVE-2021-37700 Clipboard-based DOM-XSS

@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...

6.5CVSS6.4AI score0.0166EPSS
Exploits1References4
OSV
OSV
added 2021/08/12 8:42 p.m.31 views

GHSA-GPFJ-4J6G-C4W9 Clipboard-based DOM-XSS

Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...

6.5CVSS6.2AI score0.0166EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/08/12 8:42 p.m.214 views

Clipboard-based DOM-XSS

Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...

6.5CVSS6AI score0.0166EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2021/08/12 12:0 a.m.5 views

paste-markdown 跨站脚本漏洞

paste-markdown is a paste Markdown object. A cross-site scripting vulnerability exists in paste-markdown versions prior to 0.3.4, which stems from dynamically creating a div if the clipboard data contains the string and copying the clipboard content into its innerHTML attribute without any cleanu...

6.5CVSS6.1AI score0.0166EPSS
Exploits1References4
Rows per page
Query Builder