95 matches found
EUVD-2025-29397
Malicious code in bioql PyPI...
Cross-Site Scripting (XSS)
ibexa/fieldtype-richtext is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization and escaping in the back office components, allowing malicious scripts to be injected and stored...
CVE-2020-8773
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting XSS vulnerability...
CVE-2010-4071
Cross-site scripting XSS vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...
XML External Entity (XXE) Injection
RichText is vulnerable to XML External Entity XXE Injection. The vulnerability is due to improper input validation due to unsafe XML elements being processed in user-editable RichText fields, allowing attackers with edit permissions to read server files...
ibexa/fieldtype-richtext allows access to external entities in XML
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
GHSA-CJ3W-G42V-WCJ6 ibexa/fieldtype-richtext allows access to external entities in XML
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
GHSA-2JQJ-5QV2-XVCG ezsystems/ezplatform-richtext allows access to external entities in XML
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
XML External Entity (XXE) Injection
Overview ezsystems/ezplatform-richtext is a platform RichText Extension, including the RichText FieldType. Affected versions of this package are vulnerable to XML External Entity XXE Injection via fields of RichText field type, in DOMDocumentFactory. A user with edit permission can read server...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via fields of RichText field type, in DOMDocumentFactory. A user with edit permission can read server files by injecting malicious XML content. Details XXE Injection is a type of attack against an...
ezsystems/ezplatform-richtext allows access to external entities in XML
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
PT-2025-15998 · Packagist · Ibexa/Fieldtype-Richtext
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
PT-2025-15997 · Packagist · Ezsystems/Ezplatform-Richtext
Impact This security advisory resolves a vulnerability in the RichText field type. By entering a maliciously crafted input into the RichText XML, an attacker could perform an attack using XML external entity XXE injection, which might be able to read files on the server. To exploit this...
CVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
Cross Site Scripting (XSS)
ibexa/fieldtype-richtext is vulnerable to Cross Site Scripting XSS. The vulnerability is due to insufficient input validation due to a blacklist approach that can be circumvented by using uppercase characters. This allows attackers with content editing permissions to inject malicious scripts into...
CVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
RichText Field Type 安全漏洞
RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...
CVE-2024-43369
CVE-2024-43369 affects Ibexa (ezplatform) RichText Field Type prior to 4.6.10. The validator blocked javascript: and vbscript: in links but could be bypassed with uppercase/case variants, enabling persistent XSS for users with content-editing permissions (typically Editor+). The issue is mitigate...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...