Description
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.
Remediation
References
http://www.openwall.com/lists/oss-security/2014/05/13/1
http://www.openwall.com/lists/oss-security/2014/05/15/2
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743
https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
Related Vulnerabilities
CVE-2023-26118 Vulnerability in npm package angular
CVE-2019-0195 Vulnerability in maven package org.apache.tapestry:tapestry-core
CVE-2020-36048 Vulnerability in maven package org.webjars.bower:engine.io
CVE-2020-13973 Vulnerability in maven package com.mikesamuel:json-sanitizer
CVE-2021-39152 Vulnerability in maven package com.thoughtworks.xstream:xstream