exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2016-10531

больше 7 лет назад

marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-10531

больше 7 лет назад

marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-10531

больше 7 лет назад

marked is an application that is meant to parse and compile markdown. ...

CVSS3: 6.1

EPSS: Низкий

GHSA-vfvf-mqq8-rwqc

почти 7 лет назад

Sanitization bypass using HTML Entities in marked

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2016-10531 marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.	CVSS3: 6.1	0% Низкий	больше 7 лет назад
CVE-2016-10531 marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.	CVSS3: 6.1	0% Низкий	больше 7 лет назад
CVE-2016-10531 marked is an application that is meant to parse and compile markdown. ...	CVSS3: 6.1	0% Низкий	больше 7 лет назад
GHSA-vfvf-mqq8-rwqc Sanitization bypass using HTML Entities in marked	CVSS3: 6.1	0% Низкий	почти 7 лет назад

Уязвимостей на страницу