5 matches found
CVE-2026-58657
Grav before 2.0.0 (through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection in the Markdown image resize() action. In Excerpts::processMediaActions(), the resize() path writes caller-controlled values directly into the image’s styleAttributes. A low-priv content editor who can edit ...
EUVD-2022-4708
Malicious code in bioql PyPI...
Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...
CVE-2020-13459
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...
Cross site scripting
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action...