27 matches found
EUVD-2021-13619
Malware in sbrugna...
EUVD-2021-8141
Malicious code in bioql PyPI...
EUVD-2022-43574
Malicious code in bioql PyPI...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2021-26835
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
CVE-2021-20727
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...
Zettlr input validation error vulnerability
Zettlr is the most comprehensive editor for professionally editing Markdown files. Version 2.3.0 of Zettlr is vulnerable to an input validation error, which stems from the fact that the application has no CSP policy and does not properly validate content before rendering markdown files, which cou...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
Zettlr input validation error vulnerability
Zettlr is the most comprehensive editor for professionally editing Markdown files. Version 2.3.0 of Zettlr is vulnerable to an input validation error, which stems from the fact that the application has no CSP policy and does not properly validate content before rendering markdown files, which cou...
CVE-2022-40276
The CVE-2022-40276 entry concerns Zettlr 2.3.0, where viewing a malicious Markdown file can lead to remote disclosure of arbitrary local files on the client. The root cause cited across sources is weak or missing Content Security Policy (CSP) and/or insufficient validation of Markdown content bef...
CVE-2022-40276
Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy or at least not strict enough and/or does not properly valida...
CVE-2021-26835
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
CVE-2021-26835
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
Cross site scripting
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
CVE-2021-26835
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file...
CVE-2021-26835
CVE-2021-26835 affects Zettlr 1.8.7, where the markdown-editor lacks filtering of XSS payloads, enabling remote code execution via a crafted file. The issue is tied to the editor component, with the root cause described as insufficient input sanitization. Impact described as remote code execution...
Zettlr cross-site scripting vulnerability
Zettlr is one of the most comprehensive editors for professional editing of Markdown files. Zettlr 1.8.7 suffers from a cross-site scripting vulnerability that stems from the lack of cross-site scripting (XSS) payload filtering in the markdown editor. An attacker can exploit this vulnerability to...
CVE-2021-20727
Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...