Описание
Cross-Site Scripting in mrk.js
Versions of mrk.js before 2.0.1 are vulnerable to cross-site scripting (XSS) when markdown is converted to HTML.
Recommendation
Update to version 2.0.1 or later and use mark.sanitizeURL() for any src and href attributes when extending the markdown.
Пакеты
Наименование
mrk.js
npm
Затронутые версииВерсия исправления
< 2.0.1
2.0.1
Дефекты
CWE-79
Дефекты
CWE-79