Description markdown-it before 4.1.0 does not block data: URLs. Remediation References CVE-2015-3295 Related Vulnerabilities Envoy Proxy Improper Handling of Exceptional Conditions Vulnerability (CVE-2024-23325) WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.5.8) Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007) WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3) WordPress Plugin WordApp Mobile App-Convert your WordPress Site to a Mobile App Cross-Site Scripting (2.0.3) Severity Medium Classification CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities