126 matches found
CVE-2024-56082
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true...
Lumos security vulnerability
Lumos is a tool by the individual developer Andrew Nguonly. It is used for browsing web pages. A security vulnerability exists in Lumos versions prior to 1.0.17, which stems from the use of the markdown-to-jsx package without disableParsingRawHTML set to true, where ChatBar.tsx parses raw HTML from...
CVE-2024-56082
Lumos vulnerability CVE-2024-56082 affects Lumos versions prior to 1.0.17. The issue lies in ChatBar.tsx, which parses raw HTML in Markdown because the markdown-to-jsx package is used without disabling raw HTML parsing (disableParsingRawHTML not set to true). This can lead to HTML content in Mark...
PT-2024-36709 · Unknown +1 · Markdown-To-Jsx +1
Name of the Vulnerable Software and Affected Versions: Lumos versions prior to 1.0.17
Description: The issue arises from the ChatBar.tsx component in Lumos, which parses raw HTML in Markdown. This occurs because the markdown-to-jsx package is used without setting disableParsingRawHTML to true...
CVE-2023-29207 Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included...
XWiki Commons cross-site scripting vulnerability
XWiki Commons is a set of technical libraries shared by several other top-level XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from the Livetable Macro not properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript...
CVE-2021-24208
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widget, though the custom HTML widget requires sending a crafted request - it appears that this...
MediaWiki cross-site scripting vulnerability (CNVD-2020-74053)
MediaWiki is a free, open-source web-based wiki engine from the Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. MediaWiki before 1.35.1 suffers from a cross-site scripting vulnerability tha...
DEBIAN-CVE-2020-35474
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML...
UBUNTU-CVE-2020-35474
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML...
PT-2020-6677 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1
Description: The issue exists due to the lack of protection for the web page structure in MediaWiki, specifically with the combination of Html::rawElement and Message::text. This can be exploited by a remote...
Cross-site Scripting (XSS)
MediaWiki is vulnerable to cross-site scripting (XSS). An attacker able to modify messages can include raw HTML in them, because the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier...
Cisco Email Security Appliance (ESA) Information Disclosure (cisco-sa-sma-wsa-esa-info-dis-vsvPzOHP)
According to its self-reported version, the Cisco Email Security Appliance (ESA) is affected by an information disclosure vulnerability in the web-based management interface of Cisco AsyncOS software due to the use of an insecure method to mask certain passwords on the web-based management interfac...
CVE-2020-3547
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
CVE-2020-3547 Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affecte...
Cross-Site Scripting (XSS)
node-red-dashboard is vulnerable to cross-site scripting (XSS). The vulnerability exists because the uinotification node accepts raw HTML code by default...
CVE-2019-10756
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...
Search and Dump System Configuration: otseca
The main purpose of creating this tool was the easier and faster delivery of command sets to be performed on customer environments. As a result of such a scan, I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...