Description

markdown-it before 4.1.0 does not block data: URLs.

Remediation

References

CVE-2015-3295

Related Vulnerabilities

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

Oracle Database Server CVE-2011-2243 Vulnerability (CVE-2011-2243)

WordPress Plugin DukaPress Multiple Cross-Site Scripting Vulnerabilities (2.5.9)

Ruby Other Vulnerability (CVE-2021-41817)

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-1015)

Severity

Medium

Classification

CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities