-
This markdown editor is vulnerable to XSS attacks, especially the preview feature.
ghost updated
1 month ago
-
**`Severity Threshold: 🔵 MEDIUM`**
# 135 Potential vulnerability sources found within this repo
| `🔴 CRITICAL` | `🟡 HIGH` | `🔵 MEDIUM` | `⚪ LOW` |
|-|-|-|-|
| 0 | 60 | 75 | 0 |
**`ID: 01J2FGF1R4ME…
-
I found multiple XSS Attack vectors that aren't caught by the `isXss` function:
https://github.com/RisingStack/protect/blob/60b0c91e86686d34e5202419ce9ae7e8dc08edcd/lib/rules/xss.js#L4-L13
## tl…
-
See codepen
https://codepen.io/Adam-Skwersky/pen/oNOBXzY
**Steps for Reproduction**
1. Visit [codepen](https://codepen.io/Adam-Skwersky/pen/oNOBXzY)
2. Run the codepen, and quill starts in ed…
-
As title
-
This lib is vulnerable to XSS attacks if HTML/JavaScript is entered as a search term. The lib has many instances of `innerHTML` replacements where `textContent` should be used.
Steps to reproduce:
…
-
When I use vue-pdf-app in my Vue Chrome extension, nothing can run because eval is used in the source code.
I get errors like:
`Refused to evaluate a string as JavaScript because 'unsafe-eval' is no…
-
### Is your feature request related to a problem? Please describe.
Yes, the issue is that the cookie set by `next-intl` does not have the `HttpOnly` flag. This can present a security risk because coo…
-
Hi! I have detected that there is an XSS attack that is not prevented. I guess it is because of this code:
```php
$comments[$Comment->id] = $Comment->attributes;
$CommentListWidget
->getView()
->registerJs('jQuery…
```
-
As identified by our bundle audit job in the CI:
```
Name: bootstrap-sass
Version: 3.4.1
CVE: CVE-2024-6484
GHSA: GHSA-9mvj-f7w8-pvh2
Criticality: Medium
URL: https://github.com/advisories/GHSA…
```