Lucene search
K

95 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29397

Malicious code in bioql PyPI...

6.6AI score
Exploits0References4
Veracode
Veracode
added 2025/06/19 9:59 a.m.4 views

Cross-Site Scripting (XSS)

ibexa/fieldtype-richtext is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization and escaping in the back office components, allowing malicious scripts to be injected and stored...

6.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:13 p.m.10 views

CVE-2020-8773

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting XSS vulnerability...

8.9CVSS5.8AI score0.0083EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 a.m.8 views

CVE-2010-4071

Cross-site scripting XSS vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...

2.6CVSS5.7AI score0.01891EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/24 4:23 a.m.9 views

XML External Entity (XXE) Injection

RichText is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper input validation due to unsafe XML elements being processed in user-editable RichText fields, allowing attackers with edit permissions to read server files...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/04/10 12:26 p.m.12 views

ibexa/fieldtype-richtext allows access to external entities in XML

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

6.6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/04/10 12:26 p.m.1 views

GHSA-CJ3W-G42V-WCJ6 ibexa/fieldtype-richtext allows access to external entities in XML

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

7.1CVSS6.6AI score
Exploits0References4
OSV
OSV
added 2025/04/10 12:25 p.m.3 views

GHSA-2JQJ-5QV2-XVCG ezsystems/ezplatform-richtext allows access to external entities in XML

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

7.1CVSS6.6AI score
Exploits0References4
Snyk
Snyk
added 2025/04/10 12:25 p.m.1 views

XML External Entity (XXE) Injection

Overview ezsystems/ezplatform-richtext is a platform RichText Extension, including the RichText FieldType. Affected versions of this package are vulnerable to XML External Entity XXE Injection via fields of RichText field type, in DOMDocumentFactory. A user with edit permission can read server...

7.1CVSS7.5AI score
Exploits0References2
Snyk
Snyk
added 2025/04/10 12:25 p.m.3 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via fields of RichText field type, in DOMDocumentFactory. A user with edit permission can read server files by injecting malicious XML content. Details XXE Injection is a type of attack against an...

7.1CVSS7.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/10 12:25 p.m.62 views

ezsystems/ezplatform-richtext allows access to external entities in XML

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

6.6AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.5 views

PT-2025-15998 · Packagist · Ibexa/Fieldtype-Richtext

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

7.1CVSS6.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.4 views

PT-2025-15997 · Packagist · Ezsystems/Ezplatform-Richtext

Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...

7.1CVSS6.7AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 12:44 p.m.8 views

CVE-2024-43369

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS6.4AI score0.00367EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/16 9:12 a.m.12 views

Cross Site Scripting (XSS)

ibexa/fieldtype-richtext is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient input validation due to a blacklist approach that can be circumvented by using uppercase characters. This allows attackers with content editing permissions to inject malicious scripts into...

7.2CVSS6.1AI score0.00367EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/08/16 2:15 a.m.17 views

CVE-2024-43369

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS0.00367EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/08/16 12:0 a.m.5 views

RichText Field Type 安全漏洞

RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...

7.2CVSS5.8AI score0.00367EPSS
Exploits0References6
CVE
CVE
added 2024/08/15 11:17 p.m.57 views

CVE-2024-43369

CVE-2024-43369 affects Ibexa (ezplatform) RichText Field Type prior to 4.6.10. The validator blocked javascript: and vbscript: in links but could be bypassed with uppercase/case variants, enabling persistent XSS for users with content-editing permissions (typically Editor+). The issue is mitigate...

7.2CVSS6.9AI score0.00367EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/15 11:17 p.m.17 views

CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS6.9AI score0.00367EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/08/15 11:17 p.m.25 views

CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS0.00367EPSS
Exploits0References5
Rows per page
Query Builder