CVE-2025-23207 | KaTeX up to 0.16.20 Mathematical Expression renderToString cross site scripting (GHSA-cg87-wmx4-v546)

Inserito da Angelo Barbosa | Gen 18, 2025 | CVE

A vulnerability classified as problematic was found in KaTeX up to 0.16.20. Affected by this vulnerability is the function renderToString of the component Mathematical Expression Handler. The manipulation leads to cross site scripting.

This vulnerability is known as CVE-2025-23207. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-23207 | KaTeX up to 0.16.20 Mathematical Expression renderToString cross site scripting (GHSA-cg87-wmx4-v546)

Post correlati

CVE-2023-41954 | ProfilePress Plugin up to 4.13.1 on WordPress privileges management

CVE-2023-42230 | Pat Infinite Solutions HelpdeskAdvanced up to 11.0.33 WSCView/Save cross site scripting

CVE-2024-25443 | Hugin 2022.0.0 Image linkWith use after free

CVE-2024-0597 | Squirrly SEO Plugin up to 12.3.15 on WordPress Setting cross site scripting