Description

Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.

Remediation

References

http://www.openwall.com/lists/oss-security/2014/05/15/2

https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743

http://www.openwall.com/lists/oss-security/2014/05/13/1

Related Vulnerabilities

CVE-2021-22135 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2020-8127 Vulnerability in maven package org.webjars:reveal.js

CVE-2020-1948 Vulnerability in maven package org.apache.dubbo:dubbo-common

CVE-2023-40346 Vulnerability in maven package io.jenkins.plugins:shortcut-job

CVE-2019-10341 Vulnerability in maven package io.jenkins.docker:docker-plugin

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Broken Link Issue Tracking