Описание
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | |
| upstream | needs-triage |
Показывать по
6.1 Medium
CVSS3
Связанные уязвимости
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to ...
6.1 Medium
CVSS3