Moderate severity vulnerability that affects remarkable

2019-05-29T18:04:55
ID GHSA-36M4-6V6M-4VPR
Type github
Reporter GitHub Advisory Database
Modified 2019-10-10T20:52:50

Description

In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.
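The failure mode described above, as an added example for Node.js (not remarkable's own code): a prefix check on the raw string misses a scheme hidden behind a control character, while parsing the link the way a browser does and allowlisting the resulting scheme catches it. The function names, the allowlist and the placeholder base URL are assumptions made for this illustration.

```javascript
// Constructed illustration of the bug class; this is NOT remarkable's source.

// Weak pattern: test the raw string for a known-bad scheme prefix.
// String.prototype.trim() removes whitespace only, and \x0e is not
// whitespace, so "\x0ejavascript:..." does not match the regex.
function naiveIsSafeHref(href) {
  const BAD_SCHEME = /^(javascript|vbscript|file|data):/i;
  return !BAD_SCHEME.test(href.trim());
}

// Hardened pattern: parse with the WHATWG URL parser (the algorithm browsers
// use), which strips leading/trailing C0 control characters and spaces and
// removes tabs/newlines before reading the scheme. Then allowlist schemes.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']); // assumed policy
const PLACEHOLDER_BASE = 'https://base.invalid/'; // lets relative links parse

function isSafeHref(href) {
  let url;
  try {
    url = new URL(href, PLACEHOLDER_BASE);
  } catch (err) {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Constructed sample inputs: the advisory's \x0e case plus related variants.
const SAMPLES = [
  '\x0ejavascript:alert(1)',
  'java\tscript:alert(1)',
  ' \x01JaVaScRiPt:alert(1)',
  'https://example.com/page',
  '/docs/readme',
  'mailto:user@example.com',
];

function compareFilters() {
  return SAMPLES.map((href) => ({
    href: JSON.stringify(href),
    naive: naiveIsSafeHref(href),
    hardened: isSafeHref(href),
  }));
}

console.table(compareFilters());
```

Rows where `naive` is true and `hardened` is false are the inputs a prefix-only filter lets through.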