Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering

Summary A remote script-inclusion / stored XSS vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and...

GHSA-CJ6R-RRR9-FG82 Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering

Summary A remote script-inclusion / stored XSS vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and...

CVE-2025-54075

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVE-2025-50056

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter...

CVE-2025-54075

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVE-2025-54075

Summary: CVE-2025-54075 affects @nuxtjs/mdc (Nuxt MDC) before version 0.17.2, where Markdown rendering allows a remote script-inclusion / stored XSS via injecting a tag. The vulnerability rewrites how subsequent relative URLs are resolved, enabling loading of scripts, styles, or images from atta...

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVE-2025-50056

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter...

CVE-2025-50126

CVE-2025-50126 describes a stored XSS vulnerability in RSBlog! for Joomla, affecting versions 1.11.6–1.14.5. The issue arises from improper handling of the jform[tags_text] parameter, allowing remote authenticated users to inject arbitrary web script or HTML. Multiple connected sources corroborat...

CVE-2025-50056 Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla

A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter...

PT-2025-30053 · Unknown · @Nuxtjs/Mdc

Name of the Vulnerable Software and Affected Versions: @nuxtjs/mdc versions prior to 0.17.2 Description: A remote script-inclusion / stored cross-site scripting issue exists in @nuxtjs/mdc. A Markdown author can inject a element, which rewrites how relative URLs are resolved. This allows an...

PT-2025-30024 · Rsjoomla · Rsmail!

Name of the Vulnerable Software and Affected Versions: RSMail! versions 1.19.20 through 1.22.26 Description: A reflected cross-site scripting XSS issue exists in the RSMail! component for Joomla. The issue allows remote attackers to inject arbitrary web script or HTML via a manipulated parameter...

CVE-2025-53926

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...

CVE-2025-53926 Emlog has Stored Cross-site Scripting vulnerability due to error

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefo...

emlog 安全漏洞

emlog is emlog open source a PHP and MySQL based CMS website builder. A security vulnerability exists in emlog pro-2.5.17 and earlier versions, which stems from insufficient keyword parameter cleanup, and could lead to a remote attacker injecting arbitrary Web scripts...

PT-2025-29838 · Emlog · Emlog

Name of the Vulnerable Software and Affected Versions: Emlog versions through 2.5.17 Description: Emlog is a website building system. A cross-site scripting XSS issue exists in versions up to and including 2.5.17, allowing remote attackers to inject arbitrary web script or HTML via the comment an...

Malicious code in crpt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 27d11f666afed6152d1e6e4f510ee725397a411a11ca6338fb5583dd21b400cc Importing the module starts downloading or decrypting, and then executing an executable being a wide recognized malware/Infostealer Redline family --- Category...

CVE-2025-28245

Cross-site scripting XSS vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...