Lucene search
K

7 matches found

OSV
OSV
added 2026/07/06 7:31 p.m.5 views

CVE-2026-50133 Hugo: XSS via text/html content files

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

5.1CVSS5.5AI score0.00187EPSS
Exploits0References5
CVE
CVE
added 2026/07/06 7:31 p.m.22 views

CVE-2026-50133

CVE-2026-50133 affects Hugo, a static site generator. The issue: before v0.162.0, content files mapped to text/html (e.g., HTML under /content or via adapters setting content.mediaType = "text/html") had their body emitted verbatim, enabling stored cross-site scripting if untrusted HTML content i...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/16 7:22 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...

5.4CVSS5.9AI score0.00187EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 7:22 p.m.10 views

Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

6.1CVSS5.1AI score0.00187EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/16 7:22 p.m.5 views

GHSA-C54G-XJWJ-8G82 Hugo: XSS via text/html content files

Commit: e41a06447d — Disallow HTML content by default Affected versions: all Hugo versions prior to v0.162.0. Fixed in: v0.162.0. Severity: Low to Medium, depending on threat model. Not an issue if you fully trust every file under /content and every content adapter you load. Description. Hugo...

5.1CVSS5.1AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0779

Malware in sbrugna...

6.1CVSS6.5AI score0.01905EPSS
Exploits0References8
Veracode
Veracode
added 2024/08/16 8:16 a.m.19 views

Cross Site Scripting(XSS)

Trix editor is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of text/html content types in the dataTransfer object during paste events, allowing attackers to execute arbitrary JavaScript by tricking users into pasting malicious code...

6.5CVSS7.6AI score0.00487EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder