Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-21535

Опубликовано: 15 окт. 2024
Источник: nvd
CVSS3: 6.1
EPSS Низкий

Описание

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:quantizor:markdown-to-jsx:*:*:*:*:*:*:*:*
Версия до 7.4.0 (исключая)

EPSS

Процентиль: 35%
0.00145
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2024-21535

CVSS3: 6.1
ubuntu
больше 1 года назад

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.

redhat логотип

CVE-2024-21535

CVSS3: 6.1
redhat
больше 1 года назад

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.

debian логотип

CVE-2024-21535

CVSS3: 6.1
debian
больше 1 года назад

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to ...

github логотип

GHSA-4wx3-54gh-9fr9

CVSS3: 6.1
github
больше 1 года назад

Cross site scripting in markdown-to-jsx

EPSS

Процентиль: 35%
0.00145
Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79
CWE-79