3 matches found
CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection
A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...
Rocket.Chat 跨站脚本漏洞
Rocket.Chat is an open source team chat software. Chat suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window, which can be exploited by an attacker to manipulate its style, block functionality, and...
Rocket.Chat: Persistent CSS injection with ’marked’ markdown parser in Rocket.Chat
Summary: Rocket.Chat offers two different markdown parsers out of the box: the ’orginal’ one and the ’marked’ one. Both markdown parsers offer a different set of features with different re- strictions. Due to more loose restrictions in the ’marked’ parser, a persistent CSS injection in the web...