Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to
Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and respon
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsa
Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious websit
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoint
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with em
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source wi
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection.This issue affects CWD – S
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract() function did not perform sufficient sanitization
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > characte
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS a
A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in vic
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files w
A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. At
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that exe
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localho
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embeddi
HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Se
Page 1+ Next →