Description
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.

Even if the sanitize: true option is set, marked is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations:

* gfm codeblocks (language)
* javascript url's

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.3.9+dfsg-1 |
| devel | not-affected | 0.3.9+dfsg-1 |
| esm-apps/bionic | not-affected | 0.3.9+dfsg-1 |
| esm-apps/xenial | not-affected | 0.3.2+dfsg-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [0.3.1+dfsg-1]] |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| saucy | ignored | end of life |

CVSS2: 4.3 Medium
CVSS3: 6.1 Medium

Related vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.
Multiple cross-site scripting (XSS) vulnerabilities in the Marked modu ...
Multiple Content Injection Vulnerabilities in marked