EUVD-2025-26646

Malicious code in bioql PyPI...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-clipboard is a Clipboard integration feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the viewToPlainText function in the utils/viewtoplaintext.ts file. An attacker can execute unauthorized JavaScript code by...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

GHSA-X9GP-VJH6-3WV6 CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

Linux Distros Unpatched Vulnerability : CVE-2020-35474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of...

BIT-MEDIAWIKI-2024-34500

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages in the $err var are not escaped before being passed to Html::rawElement in the getError function in the...

MediaWiki cross-site scripting vulnerability (CNVD-2020-74054)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. MediaWiki before 1.35.1 suffers from a cross-site scripting vulnerability tha...

MediaWiki Cosmos Skin Cross-Site Scripting Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki Cosmos Skin version...

CVE-2020-27620

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups...