Description
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) GFM code blocks (language) or (2) javascript URLs.
References
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Broken Link
Vulnerable configurations
EPSS
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Defects
Related vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) GFM code blocks (language) or (2) javascript URLs.
Even if the sanitize: true option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations:
- GFM code blocks (language)
- javascript URLs
Multiple cross-site scripting (XSS) vulnerabilities in the Marked modu ...
Multiple Content Injection Vulnerabilities in marked