{"id": "GHSA-XR53-M937-JR9C", "bulletinFamily": "software", "title": "Cross-Site Scripting in ngx-md", "description": "Versions of `ngx-md` prior to 6.0.3 are vulnerable to Cross-Site Scripting. Links are not properly restricted to http/https and can contain JavaScript which may lead to arbitrary code execution. Markdown input such as `[Click Me](javascript:alert('Injected!'%29)` is rendered as a `Click Me` link that executes JavaScript.\n\n\n## Recommendation\n\nUpgrade to version 6.0.3 or later.", "published": "2020-09-03T15:49:14", "modified": "2020-09-03T15:49:14", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://github.com/advisories/GHSA-xr53-m937-jr9c", "reporter": "GitHub Advisory Database", "references": ["https://github.com/dimpu/ngx-md/issues/129", "https://github.com/advisories/GHSA-xr53-m937-jr9c"], "cvelist": [], "type": "github", "lastseen": "2020-09-03T19:10:44", "edition": 1, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-XR53-M937-JR9C"]}], "modified": "2020-09-03T19:10:44", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2020-09-03T19:10:44", "rev": 2}, "vulnersScore": 5.0}, "affectedSoftware": [{"name": "ngx-md", "operator": "lt", "version": "6.0.3"}]}

{}