99 matches found
RichText Field Type 安全漏洞
RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
CVE-2024-43369
CVE-2024-43369 affects Ibexa (ezplatform) RichText Field Type prior to 4.6.10. The validator blocked javascript: and vbscript: in links but could be bypassed with uppercase/case variants, enabling persistent XSS for users with content-editing permissions (typically Editor+). The issue is mitigate...
CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...
GHSA-RHM7-7469-RCPW Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...
Persistent Cross-site Scripting in Ibexa RichText Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...
GHSA-HVCF-6324-CJH7 Persistent Cross-site Scripting in Ibexa RichText Field Type
Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...
Malicious code in kami-richtext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1662 Malicious code in kami-richtext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
coderedcms (>=2.0.0 <=2.1.4), puput (=1.2.0) +31 more potentially affected by CVE-2023-45809 via wagtail (>=4.2.4 <=5.0.0rc1)
wagtail PYPI version =4.2.4, =2.0.0, =0.1.0, =0.3.4, =0.0.1, =1.6.0, =0.18.0, =0.19.2 - wagtail-hallo =0.3.0 - wagtail-images-deduplicator =1.0.0a1 and more Source cves: CVE-2023-45809 Source advisory: OSV:PYSEC-2023-219...
Reddit: RichText parser vulnerability in scheduled posts allows XSS
Hyperlinks were not being filtered on the server-side in Reddit's scheduled post feature, allowing an attacker to modify a request with a normal hyperlink that embeds a malicious link using a javascript scheme. This could result in an XSS attack if an admin clicked on the malicious link while...
SUSE CVE-2007-1282
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line...
SUSE CVE-2010-4071
Cross-site scripting XSS vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...
Malicious code in @bf-ui-library/richtext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6f8eca6486a986ffa6a1485a09fcd040b4b868cf477e36a31ffaf282abbe266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-118 Malicious code in @bf-ui-library/richtext (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6f8eca6486a986ffa6a1485a09fcd040b4b868cf477e36a31ffaf282abbe266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DEBIAN-CVE-2022-21690
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...
Cross-Site Scripting (XSS)
ezsystems/ezplatform-richtext is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in custom tags allowing an attacker to inject and execute malicious javascript...
GHSA-9JP8-CWWX-P64Q XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
The rich text editor does not escape attribute data when previewing custom tags. This means XSS is possible if custom tags are used, for users who have access to editing rich text content. Frontend content view is not affected, but the vulnerability could be used by editors to attack other editor...