Description markdown-it before 4.1.0 does not block data: URLs. Remediation References CVE-2015-3295 Related Vulnerabilities Oracle Database Server CVE-2006-0259 Vulnerability (CVE-2006-0259) WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2) WordPress Plugin Mail On Update Cross-Site Request Forgery (5.1.0) EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350) WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Code Injection (3.6.10) Severity Medium Classification CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities