Description
In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.
Remediation
References
https://github.com/jonschlinkert/remarkable/issues/332
Related Vulnerabilities
CVE-2022-0853 Vulnerability in maven package jboss:jboss-client
CVE-2018-3721 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash
CVE-2014-0086 Vulnerability in maven package org.richfaces.core:richfaces-core-impl
CVE-2015-1840 Vulnerability in npm package jquery-ujs
CVE-2023-44487 Vulnerability in maven package io.helidon.http:helidon-http-http2