99 matches found
plone.restapi: Stored XSS by spoofing mime type
Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...
GHSA-4R4F-GG25-RMG5 plone.app.textfield: Stored XSS by spoofing mime type
Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...
plone.app.textfield: Stored XSS by spoofing mime type
Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...
Malicious code in wordpad-text-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d4d50aa948a360a788613f1fee19f4d1853c93d8792a5899c620e56d40c53ad On npm install, the declared postinstall hook runs node main.js, which decodes an obfuscated URL stored as...
Malicious code in richtext-editor-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe87b6998b0d91eb7eefb71e37d8145b5db79b79dd21bc1ffda10d56d64b6d16 On npm install, postinstall.js base64-decodes a hardcoded URL https://www.jsonkeeper.com/b/7EBZP, fetches its body via axios, and pipes the response...
MAL-2026-5852 Malicious code in richtext-editor-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe87b6998b0d91eb7eefb71e37d8145b5db79b79dd21bc1ffda10d56d64b6d16 On npm install, postinstall.js base64-decodes a hardcoded URL https://www.jsonkeeper.com/b/7EBZP, fetches its body via axios, and pipes the response...
EUVD-2026-29547
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...
CVE-2026-25544
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...
CVE-2026-25544
Payload CMS (free/open-source headless CMS) prior to v3.73.0 is vulnerable to blind SQL injection in JSON and richText queries when using PostgreSQL/SQLite adapters. User input is embedded into SQL without escaping, enabling unauthenticated data disclosure (emails, password reset tokens) and full...
CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...
SQL Injection
Overview @payloadcms/drizzle is an A library of shared functions used by different payload database adapters Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user...
SQL Injection
Overview @payloadcms/db-vercel-postgres is a Vercel Postgres adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafte...
SQL Injection
Overview @payloadcms/db-d1-sqlite is a The officially supported D1 SQLite database adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accoun...
GHSA-XX6W-JXG9-2WH8 @payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data emails, password reset tokens and achieve full account takeover without password cracking. Users...
PT-2026-6650
Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.73.0 Description Payload is a free and open source headless content management system. Prior to version 3.73.0, user input was directly embedded into SQL queries without proper escaping when querying JSON or richTex...
DNN DotNetNuke.Core < 9.13.10 / 10.0 < 10.2.0 XSS
According to its self-reported version, the instance of DNN formerly DotNetNuke running on the remote web server is prior to 9.13.10 and 10.2.0. It is, therefore, affected by a cross-site scripting vulnerability: - DNN formerly DotNetNuke is an open-source web content management platform CMS in t...
CVE-2026-24833
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
GHSA-W9PF-H6M6-V89H DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...