Lucene search

6681 matches found

NVD
added 2025/07/23 6:15 p.m. | 6 views

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

CVSS 8.7 | EPSS 0.00222
Exploits: 0 | References: 2

OSV
added 2025/07/23 6:15 p.m. | 1 views

UBUNTU-CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

CVSS 8.7 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 4

ATTACKERKB
added 2025/07/23 5:33 p.m. | 3 views

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

CVSS 8.7 | AI score 5.8 | EPSS 0.00222
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2025/07/23 5:33 p.m. | 5 views

CVE-2025-4700

Removed by vendor...

CVSS 8.7 | AI score 5.8 | EPSS 0.00222
Exploits: 0

CVE
added 2025/07/23 5:33 p.m. | 23 views

CVE-2025-4700

GitLab CVE-2025-4700 affects GitLab CE/EE versions 15.10–18.0.4, 18.1.x before 18.1.3, and 18.2.x before 18.2.1. The issue could allow an attacker to trigger unintended content rendering that leads to Cross-site Scripting (XSS) under certain conditions. The provided documents do not specify the v...

CVSS 8.7 | AI score 5.9 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/07/23 5:33 p.m. | 5 views

CVE-2025-4700 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

CVSS 8.7 | AI score 6.4 | EPSS 0.00222
Exploits: 0 | References: 5

Tenable Nessus
added 2025/07/23 12:0 a.m. | 5 views

GitLab 15.10 < 18.0.5 / 18.1 < 18.1.3 / 18.2 < 18.2.1 (CVE-2025-4700)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially...

CVSS 8.7 | AI score 5.5 | EPSS 0.00222
Exploits: 0 | References: 4

OSV
added 2025/07/22 9:15 p.m. | 4 views

CVE-2025-51462

Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...

CVSS 6.1 | AI score 6.3 | EPSS 0.00285
Exploits: 1 | References: 3

OSV
added 2025/07/20 4:36 p.m. | 6 views

GHSA-CJ6R-RRR9-FG82 Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering

Summary A remote script-inclusion / stored XSS vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and...

CVSS 8.3 | AI score 5.4 | EPSS 0.00302
Exploits: 0 | References: 4

GitHub Security Blog
added 2025/07/20 4:36 p.m. | 15 views

Nuxt MDC has an XSS vulnerability in markdown rendering that bypasses HTML filtering

Summary A remote script-inclusion / stored XSS vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and...

CVSS 8.3 | AI score 5.4 | EPSS 0.00302
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2025/07/20 12:0 a.m. | 4 views

RuoYi security vulnerability

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...

CVSS 5.4 | AI score 4.8 | EPSS 0.0024
Exploits: 1 | References: 5

Cvelist
added 2025/07/18 3:47 p.m. | 69 views

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVSS 8.3 | EPSS 0.00302
Exploits: 0 | References: 2

CVE
added 2025/07/18 3:47 p.m. | 16 views

CVE-2025-54075

Summary: CVE-2025-54075 affects @nuxtjs/mdc (Nuxt MDC) before version 0.17.2, where Markdown rendering allows a remote script-inclusion / stored XSS via injecting a tag. The vulnerability rewrites how subsequent relative URLs are resolved, enabling loading of scripts, styles, or images from atta...

CVSS 8.3 | AI score 6.4 | EPSS 0.00302
Exploits: 0 | References: 2

Veracode
added 2025/07/18 11:4 a.m. | 5 views

Cross-site Scripting (XSS)

Vue I18n is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to incomplete escaping of interpolated parameters caused by the failure of the escapeParameterHtml: true option to prevent tag-based payload execution when rendered using v-html, even with minor HTML in translation strin...

CVSS 5.3 | AI score 5.9 | EPSS 0.0067
Exploits: 0 | References: 9 | Affected Software: 5

NCSC
added 2025/07/17 12:35 p.m. | 29 views

Vulnerabilities fixed in XWiki

XWiki has fixed vulnerabilities in the rendering system and the default macro content parser. The vulnerabilities in the XWiki rendering system allowed attackers to perform XSS attacks due to the dependency on the xdom+xml/current syntax. This vulnerability has been fixed in version 14.10. In...

CVSS 9.9 | AI score 8.3 | EPSS 0.00525
Exploits: 1 | References: 2

Positive Technologies
added 2025/07/17 12:0 a.m. | 4 views

PT-2025-34434

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A revert was implemented to address an issue where the dma_buf field in the drm_gem_object structure became unstable during the object instance's lifetime. Specifically, the field coul...

CVSS 5.5 | AI score 6.1 | EPSS 0.00119
Exploits: 0 | References: 16

Positive Technologies
added 2025/07/17 12:0 a.m. | 4 views

PT-2025-34433

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists due to an unstable dma_buf field within the drm_gem_object structure in the Linux kernel. The field can become NULL when user space releases the final GEM handle on the...

CVSS 5.5 | AI score 6.2 | EPSS 0.00121
Exploits: 0 | References: 18

RedhatCVE
added 2025/07/16 11:44 p.m. | 9 views

CVE-2025-53836

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...

CVSS 9.9 | AI score 7 | EPSS 0.00525
Exploits: 1 | References: 1

RedhatCVE
added 2025/07/16 11:1 p.m. | 10 views

CVE-2025-53835

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

CVSS 9 | AI score 6.2 | EPSS 0.00325
Exploits: 0 | References: 1

Veracode
added 2025/07/16 6:53 a.m. | 5 views

Cross-site Scripting (XSS)

org.xwiki.rendering:xwiki-rendering-syntax-xhtml is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the XHTML syntax relying on the xdom+xml/current syntax, which allows insertion of arbitrary HTML including JavaScript, enabling XSS for users with document editing rights...

CVSS 9 | AI score 5.4 | EPSS 0.00325
Exploits: 0 | References: 5 | Affected Software: 1