exploitDog

CVE-2017-16006

Опубликовано: 04 июн. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of data: URIs in links and can therefore execute javascript.

Ссылки

https://github.com/jonschlinkert/remarkable/issues/227
Exploit
Issue Tracking
Patch
Third Party Advisory
https://nodesecurity.io/advisories/319
Exploit
Third Party Advisory
https://github.com/jonschlinkert/remarkable/issues/227
Exploit
Issue Tracking
Patch
Third Party Advisory
https://nodesecurity.io/advisories/319
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:remarkable_project:remarkable:*:*:*:*:*:node.js:*:*

Версия до 1.6.2 (включая)

EPSS

Процентиль: 47%

0.00241

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-mrmf-qwxg-7c3h

github

около 7 лет назад

XSS in Data URI in remarkable

EPSS

Процентиль: 47%

0.00241

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

CWE-79