65 matches found
CVE-2024-39150
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet...
CVE-2022-0350
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13...
CVE-2022-0341
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12...
EUVD-2022-0572
Malicious code in bioql PyPI...
CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
CVE-2021-32855
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue...
CVE-2021-4103
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34...
CVE-2024-39150
vditor, version 3.9.8 and earlier, is vulnerable to an Arbitrary file read via a crafted data packet. The issue is confirmed across multiple sources (NVD/Red Hat/CVE ecosystem). Affected component: vditor (frontend/Markdown editor). Root cause details are not explicitly provided in the extracted ...
PT-2024-28363 · Vditor · Vditor
Name of the Vulnerable Software and Affected Versions: vditor versions 3.9.8 and earlier Description: The issue allows for Arbitrary file read via a crafted data packet. Recommendations: For versions 3.9.8 and earlier, update to a version later than 3.9.8 to resolve the issue...
vditor Security Vulnerabilities
Vditor is a browser-side Markdown editor by the individual developer Vanessa219. A security vulnerability exists in vditor 3.9.8 and earlier versions, which stems from vulnerability to reading arbitrary files via a crafted packet...
Cross Site Scripting (XSS)
vditor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of default XSS sanitization within the editor, which allows an attacker to execute XSS via an attribute of an A element...
GHSA-M5JF-8CRM-R65M Vditor allows Cross-site Scripting via an attribute of an `A` element
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
PT-2024-25903 · Vditor · Vditor
Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3 Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...
CVE-2024-34449
CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...