Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

markdown-it Improper Access Control Vulnerability (CVE-2015-3295)

Description

markdown-it before 4.1.0 does not block data: URLs.

Remediation

References

Related Vulnerabilities

WordPress Plugin Recent Backups Arbitrary File Download (0.7)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5488)

PHP Numeric Errors Vulnerability (CVE-2010-4699)

WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Cross-Site Request Forgery Vulnerabilities (1.5.12)

MediaWiki CVE-2017-8812 Vulnerability (CVE-2017-8812)

Severity

Medium

Classification

CVE-2015-3295 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities