6686 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML template rendering process. An attacker can execute arbitrary JavaScript in the context of a victim's browser by sending a specially crafted OAuth2 connection link containing a malicious display nam...
CVE-2025-13523
Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...
CVE-2026-25556
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...
CVE-2026-25556
CVE-2026-25556 affects MuPDF versions 1.23.0–1.27.0 and describes a double-free in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function drops a caller-owned fz_pixmap in its error path before rethrowing, and the bar‑code decoding path can drop th...
MuPDF 资源管理错误漏洞
MuPDF is an open-source software library written in C language. It is used to render pages as bitmaps, but also provides support for other operations such as searching and listing directories and links. Versions of MuPDF prior to 1.27.0 had a resource management vulnerability. This vulnerability...
PT-2026-6776
Name of the Vulnerable Software and Affected Versions Lute versions prior to 1.7.7 Description Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting XSS issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into...
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software DoS (cisco-sa-tce-roomos-dos-9V9jrC2q)
According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service is affected by a vulnerability. - A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software cou...
CVE-2026-25054
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
CVE-2026-20119
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...
GHSA-V82V-C5X8-W282 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content
Description The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown, an...
CVE-2026-25148
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
Cross-site Scripting (XSS)
Overview @n8n/design-system is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown rendering process in the workflow user interface. An attacker can execute arbitrary scripts in the context of another user's session by crafting malicious markdown conten...
GHSA-QPQ4-PW7F-PP8W n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
Impact A Cross-site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...
n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI
Impact A Cross-site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...
CVE-2026-25054
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
CVE-2026-20119
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...
CVE-2026-23051
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...
CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
CVE-2026-25054
CVE-2026-25054 affects n8n, an open source workflow automation platform. The vulnerability is a stored Cross-site Scripting (XSS) in the markdown rendering component used in the UI (including workflow sticky notes and other markdown areas). An authenticated user with permission to create/modify w...