62 matches found
EUVD-2022-29622
Malicious code in bioql PyPI...
Malicious code in markup-web-editor (npm)
The package markup-web-editor was found to contain malicious code...
MAL-2025-25958 Malicious code in markup-web-editor (npm)
The package markup-web-editor was found to contain malicious code...
CVE-2025-23039 Cross Site Scripting on URL decode Tooltip in Caido
Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...
wangEditor Security Vulnerability
wangEditor is an open source Web rich text editor from wangEditor Inc. A security vulnerability exists in wangEditor version 4.7.11, which stems from vulnerability to cross-site scripting XSS attacks...
Slate 访问控制错误漏洞
slate is an extensible WYSIWYG web application from slate for quickly creating interactive, data-driven web pages. A security vulnerability exists in Slate versions prior to 6.207.0, which stems from a lack of source validation in the sandbox that could be exploited by a malicious user to modify...
ICEcoder 路径遍历漏洞
ICEcoder is a browser-based code editor that provides a modern approach to building websites. By allowing you to write code directly in your web browser. A security vulnerability exists in ICEcoder version v8.1 that stems from an attacker being able to perform directory traversal...
Improper Neutralization of Input During Web Page Generation in CKEditor4
A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...
CKEditor Security Vulnerabilities
CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor prior to CKEditor 4.16, which allows redos-type attacks to be executed in CKEditor 4 by inducing a victim to paste carefully crafted text into the styled input of a specific dialog box...
Raonwiz DEXT5 Editor Arbitrary File Download Vulnerability
Raonwiz DEXT5 Editor is an HTML-based Web editor from the Korean company Raonwiz. A security vulnerability exists in the handler/uploadhandler.jsp file in Raonwiz DEXT5 Editor 3.5.1402961 and earlier versions. An attacker can exploit this vulnerability to download arbitrary files with the help of...
Progress Kendo UI Editor Cross-Site Scripting Vulnerability
Progress Kendo UI Editor is a complete UI toolkit for web development. A cross-site scripting vulnerability exists in Progress Kendo UI Editor that allows an attacker to execute JavaScript within the context of the editor itself...
Stored XSS Vulnerability in Full Version of UEditor
UEditor is developed by Baidu web front-end R & D Department of WYSIWYG rich text web editor . A stored XSS vulnerability exists in all versions of UEditor. An attacker can exploit this vulnerability to execute javascript code in a file...
Amaya Web Editor <= 11.0 - Remote Buffer Overflow PoC
No description provided by source. !/usr/bin/perl -w Amaya Web Editor = 11.0 Remote Buffer Overflow P0c By Mountassif Moad Stack Here D : http://www.w3.org/Amaya/Distribution/amaya-WinXP-11.0.exe EAX 00000001 ECX 0F866A64 EDX 0083AA64 amaya.0083AA64 EBX 00000000 ESP 0012D080 EBP 00000006 ESI...
South Korea, a web editor 0day analysis-vulnerability warning-the black bar safety net
The editor in South Korea used more widely, www.hani.co.kr and www.kbs.co.kr and www.joinsmsn.com 中都 有 使用 the. Due to the greatly station, the specific program name is not easy to directly publish. Following only the problem code to do a brief analysis. The main problem is that the upload class i...
A system syWebEditor upload exploit-vulnerability warning-the black bar safety net
Keywords: inurl:syWebEditor EXP:/syWebEditor/SelUploadFile. asp? obj=ProPhoto&fileType=gif%7Cjpg%7Cpng% 7C&filePathType=1&filePath=/PhotoFile/ProFile/ poc:http://www. myhack58. com/syWebEditor/SelUploadFile. asp? obj=ProPhoto&fileType=gif%7Cjpg%7Cpng% 7C&filePathType=1&filePath=/PhotoFile/ProFile...
From learning webshell hide to Ferret out the simple analysis-vulnerability warning-the black bar safety net
webshell,do not say it!, The back door,ancient and modern breaking the network must home,great bite is stab,thousand station with the waste of the said,blowing a big,theme. First of all, we in the dark said,once into the site,it will leave the back door,but the current mainstream is asp,php free...
Ve-EDIT 0.1.4 Local File Inclusion
------------------------------------------------------------------------------------- Ve-EDIT v 0.1.4 debugphp.php LFI Vulnerability ------------------------------------------------------------------------------------- Author: CoBRa21 Mail: uykucuatwindowslivedotcom Script Download:...
Amaya 11.1 XHTML Buffer Overflow
=cicatriz ==advisories= / / / / // / / // / o / / .-/ =Amaya 11.1 XHTML Parser Buffer Overflow==/= == =Advisory & Vulnerability Information=== Title: Amaya 11.1 XHTML Parser Buffer Overflow Advisory ID: VUDO-2009-0104 Advisory URL: http://research.voodoo-labs.org/advisories/2 Date founded:...
CVE-2009-0809
The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object...
Design/Logic Flaw
The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object...