Lucene search
+L

8 matches found

OSV
OSV
added 2024/07/15 6:33 p.m.20 views

GHSA-H3PQ-667X-R789 Plate media plugins has a XSS in media embed element when using custom URL parsers

Impact Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...

8.4CVSS7.8AI score0.00498EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/07/15 6:33 p.m.22 views

Plate media plugins has a XSS in media embed element when using custom URL parsers

Impact Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and instead consume the url property directly may also be...

8.1CVSS6AI score0.00498EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/15 6:21 p.m.17 views

CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media

Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...

8.1CVSS6AI score0.00498EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/15 6:21 p.m.59 views

CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media

Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...

8.1CVSS0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.4 views

Plate Security Breach

Plate is a plugin system for Ziad Beyens individual developers to make it easier to build fully functional editors. Plate has a security vulnerability that stems from when the editor uses the MediaEmbedElement component and passes custom urlParsers via the useMediaState hook, if the custom parser...

8.1CVSS6AI score0.00498EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.16 views

PT-2024-28953 · Npm · @Udecode/Plate-Media

Name of the Vulnerable Software and Affected Versions: @udecode/plate-media versions prior to 36.0.10 Description: The issue affects editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook, potentially allowing XSS if a custom parser permits javascript:, data: or...

8.4CVSS6.1AI score0.00498EPSS
Exploits0References8
CNVD
CNVD
added 2022/09/22 12:0 a.m.46 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...

6.5CVSS7.8AI score0.00947EPSS
Exploits0References1
OSV
OSV
added 2010/11/06 12:0 a.m.2 views

DEBIAN-CVE-2010-2477

Multiple cross-site scripting XSS vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to 1 paste.urlparser.StaticURLParser, 2...

4.3CVSS5.7AI score0.02288EPSS
Exploits0References1
Rows per page
Query Builder