GHSA-929m-phjg-qwcc

Опубликовано: 01 апр. 2025

Источник: github

Github: Прошло ревью

CVSS3: 6.3

Описание

Duplicate Advisory: MathLive's Lack of Escaping of HTML allows for XSS

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-qwj6-q94f-8425. This link is maintained to preserve external references.

Original Description

Cross Site Scripting vulnerability in arnog MathLive Versions v0.103.0 and before (fixed in 0.104.0) allows an attacker to execute arbitrary code via the MathLive function.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-29049
https://github.com/arnog/mathlive/commit/abc26056fd5e29a99edfa96a0bbe855ea2a8b678
https://github.com/advisories/GHSA-qwj6-q94f-8425

Пакеты

Наименование

mathlive

npm

Затронутые версииВерсия исправления

< 0.104.0

0.104.0

6.3 Medium

CVSS3

Дефекты

CWE-79

6.3 Medium

CVSS3

Дефекты

CWE-79