Description

Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.

Remediation

References

http://www.openwall.com/lists/oss-security/2014/05/13/1

http://www.openwall.com/lists/oss-security/2014/05/15/2

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3743

https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities

Related Vulnerabilities

CVE-2019-1003059 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher

CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2016-5003 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2021-32684 Vulnerability in npm package magento-scripts

CVE-2020-14326 Vulnerability in maven package org.jboss.resteasy:resteasy-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Mailing List Third Party Advisory Issue Tracking Broken Link