GHSA-f9vc-q3hh-qhfv

Описание

Versions 1.4.0 and earlier of remarkable are affected by a cross-site scripting vulnerability. This occurs because vulnerable versions of remarkable did not properly whitelist link protocols, and consequently allowed javascript: to be used.

Proof of Concept

Markdown Source:

Rendered HTML:

Recommendation

Update to version 1.4.1 or later