Description
In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.
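The failure mode described above, as an added example that is not remarkable's code or its fix: a constructed prefix denylist misses the scheme when a control character such as \x0e precedes it, because the WHATWG URL parser used by browsers strips leading and trailing C0 control characters and spaces before reading the scheme. The function names and the ALLOWED_SCHEMES policy are assumptions for illustration.

```javascript
// Added example: constructed filters, not code from remarkable.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']); // assumed policy

// Naive denylist (constructed): trim() removes whitespace only, so a leading
// control character such as \x0e stays in place and hides the scheme.
function naiveIsSafe(url) {
  return !/^(javascript|vbscript|data):/i.test(url.trim());
}

// Apply the same preprocessing the WHATWG URL parser performs: drop leading
// and trailing C0 control/space characters, then drop tab, LF and CR anywhere.
function normalizeForSchemeCheck(url) {
  return String(url)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Hardened check: allowlist the scheme after normalization.
function hardenedIsSafe(url) {
  const cleaned = normalizeForSchemeCheck(url);
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(cleaned);
  if (!m) {
    // No scheme: a relative reference. Reject any control characters that
    // remain rather than guessing how a consumer will interpret them.
    return !/[\u0000-\u001f\u007f]/.test(cleaned);
  }
  return ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Constructed sample inputs.
const samples = [
  'https://example.com/',
  '\x0ejavascript:void(0)',
  'java\tscript:void(0)',
  '/docs/page#section',
];
for (const s of samples) {
  console.log(JSON.stringify(s), 'naive:', naiveIsSafe(s), 'hardened:', hardenedIsSafe(s));
}
```

An allowlist applied after normalization fails closed for schemes the policy never anticipated, which a denylist cannot do.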
Remediation
References
https://github.com/jonschlinkert/remarkable/issues/332