13 matches found
EUVD-2022-49000
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2018-16836
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI...
CVE-2022-46180
Discourse Mermaid discourse-mermaid-theme-component allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been...
CVE-2022-46180 Arbitrary HTML injection in discourse-mermaid-theme-component
Discourse Mermaid discourse-mermaid-theme-component allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been...
CVE-2022-46180
CVE-2022-46180 affects Discourse's Mermaid theme component: discourse-mermaid-theme-component v1.0.0 allows users who can create posts to inject arbitrary HTML into the post content through the Mermaid integration. The issue has been fixed on the main branch, with 1.1.0 designated as the patched ...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A cross-site scripting vulnerability exists in Discourse discourse-mermaid-theme-component version 1.0.0, which can be exploited by an attacker to inject arbitrary HT...
CVE-2022-39270 Arbitrary HTML injection in table-of-contents theme component in DiscoTOC
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
CVE-2022-39270
CVE-2022-39270 affects the DiscoTOC Discourse theme component. The vulnerability arises from a lack of escaping/filtering of user input on topic pages in TOC-enabled categories, allowing users with topic-creation rights and sufficient trust level to inject arbitrary HTML on the top...
PT-2022-24858 · Discotoc · Discotoc
Name of the Vulnerable Software and Affected Versions: DiscoTOC versions prior to the fixed version on the main branch Description: The issue allows users to inject arbitrary HTML on a topic's page if they can create topics in TOC-enabled categories and have a sufficient trust level. The estimate...
Rubedo Directory Traversal Vulnerability
Rubedo is a content management system; theme is one of its components. A path traversal vulnerability exists in the theme component in Rubedo 3.4.0 and earlier. An attacker can use this vulnerability to read and execute arbitrary files outside of the root directory of the service...
Directory Traversal
webtales/rubedo is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of the file path in the theme component, allowing directory traversal attacks...
CVE-2018-16836
Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI...