Description
Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.
Remediation
References
http://www.openwall.com/lists/oss-security/2014/05/13/1
http://www.openwall.com/lists/oss-security/2014/05/15/2
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743
https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
Related Vulnerabilities
CVE-2019-1003062 Vulnerability in maven package org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
CVE-2020-10727 Vulnerability in maven package org.apache.activemq:artemis-core-client
CVE-2019-10407 Vulnerability in maven package hudson.plugins:project-inheritance
CVE-2022-41879 Vulnerability in npm package parse-server
CVE-2019-10243 Vulnerability in maven package org.eclipse.kura:target-platform