Description markdown-it before 4.1.0 does not block data: URLs. Remediation References CVE-2015-3295 Related Vulnerabilities TCExam Other Vulnerability (CVE-2010-2153) WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (2.5.9.1) Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23797) Oracle JRE CVE-2013-0437 Vulnerability (CVE-2013-0437) OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1551) Severity Medium Classification CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities