
16 matches found

RedhatCVE
added 2026/06/05 7:26 p.m., 11 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00241
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-1673

Malware in sbrugna...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00727
Exploits: 0 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-2127

Malicious code in bioql PyPI...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00434
Exploits: 0 | References: 5

Cvelist
added 2023/08/25 12:0 a.m., 23 views

CVE-2023-41167

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...

AI score: 5 | EPSS: 0.0034
Exploits: 0 | References: 2

OSV
added 2023/08/24 10:16 p.m., 18 views

GHSA-3X59-VRMC-5MX6 @webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content

Overview: @webiny/react-rich-text-renderer is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the...

CVSS: 4.8 | AI score: 4.8 | EPSS: 0.0034
Exploits: 0 | References: 5

OSV
added 2023/07/25 7:11 p.m., 19 views

GHSA-M8FW-P3CR-6JQC Cross-Site Scripting in CKEditor4 WordCount Plugin

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4). Problem: The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...

CVSS: 4.7 | AI score: 6 | EPSS: 0.00481
Exploits: 0 | References: 3

NVD
added 2022/11/03 2:15 p.m., 24 views

CVE-2022-39262

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue h...

CVSS: 5.2 | EPSS: 0.00628
Exploits: 1 | References: 2

Github Security Blog
added 2021/08/19 3:53 p.m., 49 views

Cross-Site Scripting via Rich-Text Content

Meta. CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC (5.7). Problem: Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

CVSS: 6.1 | AI score: 1.1 | EPSS: 0.00727
Exploits: 0 | References: 7 | Affected Software: 2

OSV
added 2021/08/19 3:53 p.m., 26 views

GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content

Meta. CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC (5.7). Problem: Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00727
Exploits: 0 | References: 6

OpenVAS
added 2021/08/11 12:0 a.m., 17 views

TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2021-013)

TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:typo3:typo3"; if...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00727
Exploits: 0 | References: 1

OSV
added 2021/08/10 5:15 p.m., 24 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 6.1 | AI score: 6.5
Exploits: 0 | References: 2

UbuntuCve
added 2021/08/10 5:15 p.m., 31 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00727
Exploits: 0 | References: 3

Prion
added 2021/08/10 5:15 p.m., 20 views

Cross site scripting

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00727
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/08/10 4:30 p.m., 31 views

CVE-2021-32768 Cross-Site Scripting via Rich-Text Content

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00727
Exploits: 0 | References: 2

Friends Of PHP
added 2021/08/10 7:50 a.m., 40 views

TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-013...

CVSS: 6.1 | AI score: 7.2 | EPSS: 0.00727
Exploits: 0 | Affected Software: 1

Typo3
added 2021/08/10 12:0 a.m., 40 views

Cross-Site Scripting via Rich-Text Content

Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...

CVSS: 4.3 | AI score: 2.3 | EPSS: 0.00727
Exploits: 0 | Affected Software: 1