14 matches found
EUVD-2022-1501
Malicious code in bioql PyPI...
Cross-site Scripting in vditor
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 3.8.13...
CVE-2022-0350 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 3.8.13...
CVE-2022-0350 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 3.8.13...
CVE-2022-0350
CVE-2022-0350 describes a Stored XSS in vanessa219/vditor prior to 3.8.13. The vulnerability arises when a URL value is used for a link via Markdown syntax without proper cleanup, allowing injected scripts to execute in the context of the user. Affected component: the vditor editor (GitHub reposi...
CVE-2022-0341
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 3.8.12...
CVE-2022-0341 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 3.8.12...
CVE-2022-0341
CVE-2022-0341: A stored XSS vulnerability in vanessa219/vditor prior to 3.8.12. Public sources (CNVD/CNNVD) attribute the issue to lack of data validation/filtering of user-supplied/output data, allowing injected JavaScript in the browser. Affected software is the vditor editor (web-based Markdow...
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Description The Vanessa219/vditor is a markdown editor supported by browsers. If the user passes javascript:alertdocument.domain as the URL value when creating a link using the markdown syntax, there is no sanitizing process and the link is created as it is. Proof of Concept txt XSS PoC : xss 1...
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Description The Vanessa219/vditor is a markdown editor supported by browsers. When a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute and trigger XSS using the on attribute. Proof of Concept txt XSS PoC : xs...
CVE-2021-4103
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 1.0.34...
CVE-2021-4103
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 1.0.34...
CVE-2021-4103 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Cross-site Scripting XSS - Stored in GitHub repository vanessa219/vditor prior to 1.0.34...
CVE-2021-4103
CVE-2021-4103 is an XSS in vanessa219/vditor prior to 1.0.34 (stored XSS). Multiple sources (NVD, OSV, Red Hat, CNVD, GHSA) confirm cross-site scripting risk in the vditor editor. Affected component: vditor (JavaScript library). Impact: execution of arbitrary client-side scripts in the context of...