234 matches found
GHSA-VCCX-P757-PV6H mo has an XSS via inline SVG script tags in Markdown rendering
Summary: When rendering Markdown files containing inline SVG elements with script tags, the embedded JavaScript is executed in the browser. This is because rehype-raw passes raw HTML, including SVG, through to the DOM without sanitization. PoC: html alert1 Embedding the above in a Markdown file opened with ...
CVE-2026-28509 LangBot has a Cross Site Scripting (XSS) Vulnerability
LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot's web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7...
CVE-2026-28509
LangBot's web UI prior to version 4.8.7 renders user-supplied raw HTML via rehypeRaw, resulting in a cross-site scripting (XSS) vulnerability. Affected product: LangBot (global IM bot platform for LLMs). Root cause: unescaped user-supplied HTML processed by rehypeRaw. Impact (per CVSS): Confidentiality im...
LangBot Cross-Site Scripting Vulnerability
LangBot is an open-source development platform for large-scale instant messaging bots created by LangBot. Versions of LangBot prior to 4.8.7 contain a cross-site scripting vulnerability. The vulnerability stems from the use of rehypeRaw to render raw HTML provided by users, which...
Malicious code in ignite-rehype-xo-cypress (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4a51f0740e1612c51322e453536c8292d2bc79861076bc5c2b152821856564f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179465
Malicious code in css-loader-rehype-toml-version npm...
EUVD-2025-179284
Malicious code in docusaurus-thermosphere-aquarius-rehype npm...
EUVD-2025-175799
Malicious code in update-hadron-rehype-phoenix npm...
EUVD-2025-176731
Malicious code in rehype-mesosphere-orbit-puppeteer npm...
EUVD-2025-176730
Malicious code in rehype-sequelize-avior-redis npm...
EUVD-2025-179657
Malicious code in comet-rehype-transport-entanglement npm...
EUVD-2025-175994
Malicious code in test-cache-rehype-backend npm...
Malicious code in cosmiconfig-xml-rehype-webpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c337d51a5afe782ff83bde8f55685686a71e8d4b23d52af00c64f247b76db8e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-180089
Malicious code in betelgeuse-gammarayburst-puppeteer-rehype npm...
EUVD-2025-179450
Malicious code in csv-mongodb-rehype-less-loader npm...
EUVD-2025-178452
Malicious code in ignite-rehype-xo-cypress npm...
EUVD-2025-179550
Malicious code in cosmiconfig-xml-rehype-webpack npm...
EUVD-2025-178544
Malicious code in hercules-pyxis-rehype-hermes npm...